httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject Re: Configuration Issues to Address [was Re: Dynamic configuration for the hackathon?]
Date Thu, 03 Apr 2008 14:17:47 GMT
Jorge Schrauwen wrote:
>>  ... if we had a config finalize, modules who were prepared to declare
>>  their config (e.g. mod_vhost declaring the per-host directory merges
>>  "completed") then as-root, we can finish these out, opening logs with
>>  full privileges.  Other merges will happen at run time (or be optimized
>>  when we can accomplish this) per-request.
> 
> So does a setup like this make it possible for the processes/thread
> handling the request to change to the correct UID/GID before
> reading/writing files? Just something that popped into my head when
> reading this.

No.  Once the httpd engine finishes the config phase altogether, we
continue to drop from root to the desired UID/GID and that process
must not have the privilege to change these again.  The request engine
... which is the container where exploits are targeted, must remain
secure.

Mime
View raw message