httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeff Trawick <traw...@attglobal.net>
Subject Re: [1.3 PATCH] a different take on forensics
Date Thu, 22 Jan 2004 16:17:31 GMT
Bill Stoddard wrote:

> What is the purpose of the geteuid() call in run_fatal_exception_hook 
> and when might it return 0?

geteuid() returns 0 when running with root privileges

the purpose of not running the hook as root is a nod to the possibility 
that the hook could be hijacked (dunno how since we'd have to be in the 
parent to be running with root privileges but still...) and figuring 
that it is safer to have some limit on how much damage could be done

feature-wise the limitation doesn't seem to be harmful, as I'm not aware 
of any meaningful number of 1.3 crashes in the parent


Mime
View raw message