httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dan Poirier <poir...@pobox.com>
Subject Re: apache module's privileges
Date Tue, 15 Dec 2009 22:34:35 GMT
Graham Dumpleton <graham.dumpleton@gmail.com> writes:

> 2009/12/16 Dan Poirier <poirier@pobox.com>:
>> Jordi Prats <jordi.prats@gmail.com> writes:
>>
>>> If you start apache with root as usual, you realize that every module
>>> is able to run code with root privileges:
>> ...
>>> Why is coded this way? Shouldn't run with lower privileges?
>>
>> No. That's not the purpose of apache modules.
>
> There is a lot more to it than that.

Well, yeah, but the main misconception seemed to be that the purpose of
Apache modules was to limit the privileges available to modules.
("Shouldn't [sic] run with lower privileges?")  In reality if you run
Apache as root and load a module, that module can do anything it wants
as root, and that's by design, not an inherent flaw in Apache.

Mime
View raw message