httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dean Gaudet <dgau...@arctic.org>
Subject Re: inetd most secure?
Date Tue, 08 Jul 1997 00:22:01 GMT
That makes no sense unless you add in "run it from inetd as a user other
than root". 

But we could achieve a similar "level of security" by providing a -P
command switch which passes in an already open socket (can be repeated).
Then write a setuid wrapper which opens the socket, becomes a non-root
user, and launches httpd -P <socket_fd>.  This is how inn runs. 

Dean


On Mon, 7 Jul 1997, Brian Behlendorf wrote:

> In http://www.apache.org/docs/mod/core.html#servertype we say:
> > SECURITY: if you are paranoid about security, run in inetd mode. Security  
> > cannot be guaranteed in either, but whilst most people are happy to use 
> > standalone, inetd is probably least prone to attack.
> 
> What logic is this comment based on?
> 
> 	Brian
> 
> 
> --=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
> "Why not?" - TL                brian@organic.com - hyperreal.org -
> apache.org
> 


Mime
View raw message