httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Saqib.N....@seagate.com
Subject Re: [users@httpd] dynamic vs static module - security issues
Date Thu, 06 Mar 2003 23:20:51 GMT

if my server is compromised, i will have bigger problems :).... having said
that once my box is compromised, the hacker ccan replace whole apache build
with a malicious one, if they wanted too.

But it is a good point that dynamically loaded modules make it easier to
replace it with a malicious module.

In Peace,
Saqib Ali
"I fear, if I rebel against my Lord, the retribution of an Awful Day (The
Day of Resurrection)" Al-Quran 6:15
http://www.seagate.cc/blog/


|---------+--------------------------->
|         |           Chris Taylor    |
|         |           <chris@x-bb.org>|
|         |           No Phone Info   |
|         |           Available       |
|         |                           |
|         |           03/06/2003 03:15|
|         |           PM              |
|         |           Please respond  |
|         |           to users        |
|         |                           |
|---------+--------------------------->
  >----------------------------------------------------------------------------------------------------------------------------------------------|
  |                                                                                      
                                                       |
  |        To:      users@httpd.apache.org                                               
                                                       |
  |        cc:                                                                           
                                                       |
  |        Subject: Re: [users@httpd] dynamic vs static module - security issues         
                                                       |
  >----------------------------------------------------------------------------------------------------------------------------------------------|




Well, if your box is compromised.......the attacker would be able to do
pretty much what they like, so substituing a dynamic module for dummy code
would be possible.....in theory.

However, I don't think it's makes the slightest bit of difference unless
that was to happen :)

HTH,

Chris Taylor - chris@x-bb.org - The guy with the PS2 WebServer -
http://www.x-bb.org/chris.asc

----- Original Message -----
From: <Saqib.N.Ali@seagate.com>
To: <users@httpd.apache.org>
Sent: Thursday, March 06, 2003 11:12 PM
Subject: [users@httpd] dynamic vs static module - security issues


> Hi All,
>
> Are there any security issues/concerns with including modules statically
vs
> dynamically? Are statically compiled modules more secure than dynamically
> included modules?
>
> Thanks
>
> In Peace,
> Saqib Ali
> "I fear, if I rebel against my Lord, the retribution of an Awful Day (The
> Day of Resurrection)" Al-Quran 6:15
> http://www.seagate.cc/blog/
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org







---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message