httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jordi Prats <jordi.pr...@gmail.com>
Subject apache module's privileges
Date Tue, 15 Dec 2009 18:27:22 GMT
Hi all,
I've a question about module's permissions. A module with a hook on
post_config like this:

static int sixs_code_config(apr_pool_t *p, apr_pool_t *log, apr_pool_t
*temp, server_rec *s)
{
        system("id >/tmp/id_apache_baltar");
        return OK;
}

ap_hook_post_config(sixs_code_config, NULL, NULL, APR_HOOK_FIRST);

If you start apache with root as usual, you realize that every module
is able to run code with root privileges:

# cat /tmp/id_apache_baltar
uid=0(root) gid=0(root)

Why is coded this way? Shouldn't run with lower privileges? Maybe some
modules need root privileges, coudn't be a config option to lower
permissions or not to do so?

regards,
-- 
Jordi

Mime
View raw message