httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Graham Leggett <minf...@sharp.fm>
Subject Re: apache module's privileges
Date Tue, 15 Dec 2009 22:17:13 GMT
Jordi Prats wrote:

> I've a question about module's permissions. A module with a hook on
> post_config like this:
> 
> static int sixs_code_config(apr_pool_t *p, apr_pool_t *log, apr_pool_t
> *temp, server_rec *s)
> {
>         system("id >/tmp/id_apache_baltar");
>         return OK;
> }
> 
> ap_hook_post_config(sixs_code_config, NULL, NULL, APR_HOOK_FIRST);
> 
> If you start apache with root as usual, you realize that every module
> is able to run code with root privileges:
> 
> # cat /tmp/id_apache_baltar
> uid=0(root) gid=0(root)
> 
> Why is coded this way? Shouldn't run with lower privileges? Maybe some
> modules need root privileges, coudn't be a config option to lower
> permissions or not to do so?

The way it works is that the server runs with root priviledges when the
server starts, and root is used to bind to priviledged ports, open
logfiles and do various tasks that require elevated priviledges.

When the startup phase is complete, the server drops its root
privileges, and at that point it starts to serve requests, in a reduced
privilege environment.

The code you quote above is run as part of the startup phase of the server.

You've said "module's permissions" above, the purpose of modules are to
extend the funcionality of the server, they do not represent a security
boundary of any kind.

Regards,
Graham
--

Mime
View raw message