httpd-dev mailing list archives

From "Ingo Lütkebohle" <i...@blank.pages.de>
Subject Re: running server as root (Was: Re: PUT method)
Date Sat, 12 Jul 1997 20:11:13 GMT
Marc Slemko wrote:
> If you have a real uid of root, then if someone finds something like a
> buffer overflow in the code that is exploitable they can get root.  Sure,
> takes another couple of syscalls but no big deal.  That is not good.

Isn't that the case for almost every other server you care to mention?
What about switching to an EUID of nobody early in the request
processing stage?

---/dev/il
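
An added example, not part of the original message or of the Apache code base: it contrasts the EUID-only switch proposed above with a permanent drop, and has the permanent drop verify that root cannot be regained. The function names and the `nobody` UID/GID of 65534 are assumptions made for illustration.

```c
/* Added example: EUID-only switch vs. permanent privilege drop. */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* POSIX rule: a process whose effective UID is not 0 may still set its
 * effective UID to its real or saved UID. Root therefore stays reachable
 * as long as any of the three IDs is 0. Returns 1 if reachable, else 0. */
int root_regainable(uid_t ruid, uid_t euid, uid_t suid)
{
    return ruid == 0 || euid == 0 || suid == 0;
}

/* Permanent drop for a process started as root. Order matters:
 * supplementary groups, then GID, then UID (the UID change removes the
 * right to do the other two). Returns 0 on success, -1 on failure. */
int drop_permanently(uid_t uid, gid_t gid)
{
    if (uid == 0 || geteuid() != 0) { errno = EPERM; return -1; }
    if (setgroups(1, &gid) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    /* Called with EUID 0, setuid() sets real, effective and saved UID. */
    if (setuid(uid) != 0) return -1;
    /* Verify instead of trusting return codes: regaining root must fail. */
    if (setuid(0) == 0 || seteuid(0) == 0) return -1;
    if (getuid() != uid || geteuid() != uid) return -1;
    return 0;
}

int main(void)
{
    const uid_t nobody = 65534; /* assumed UID/GID of "nobody" */

    /* seteuid(nobody) from root leaves real and saved UID at 0. */
    printf("after seteuid(nobody): root regainable = %d\n",
           root_regainable(0, nobody, 0));
    /* setuid(nobody) from root changes all three IDs. */
    printf("after setuid(nobody):  root regainable = %d\n",
           root_regainable(nobody, nobody, nobody));

    if (geteuid() == 0)
        printf("drop_permanently: %s\n",
               drop_permanently(nobody, (gid_t)nobody) == 0 ? "ok" : "failed");
    else
        puts("not running as root; skipping the live drop");
    return 0;
}
```

A process that has dropped this way cannot later bind a privileged port or reopen root-owned files, so servers usually do that work before the drop.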
