httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dan Poirier <>
Subject Re: apache module's privileges
Date Tue, 15 Dec 2009 22:34:35 GMT
Graham Dumpleton <> writes:

> 2009/12/16 Dan Poirier <>:
>> Jordi Prats <> writes:
>>> If you start apache with root as usual, you realize that every module
>>> is able to run code with root privileges:
>> ...
>>> Why is coded this way? Shouldn't run with lower privileges?
>> No. That's not the purpose of apache modules.
> There is a lot more to it than that.

Well, yeah, but the main misconception seemed to be that the purpose of
Apache modules was to limit the privileges available to modules.
("Shouldn't [sic] run with lower privileges?")  In reality if you run
Apache as root and load a module, that module can do anything it wants
as root, and that's by design, not an inherent flaw in Apache.

View raw message