httpd-users mailing list archives

From "Vincent Bray" <nood...@gmail.com>
Subject [users@httpd] Implications of starting apache as non-root
Date Tue, 14 Aug 2007 09:49:19 GMT

Hi,

Assuming that the option to do so is available, is it any more or less
secure to start the parent process as non-root?

For example, say apache is running a single application behind a load
balancer so the port number doesn't matter.

Pros:

There's no chance that a security hole could lead to root-level
privilege escalation (or similar, like the recent discussion about
the parent sending signals to the wrong processes).

There's no need for root level access at any point in the lifetime of
the server, so for example holes in startup scripts will be mitigated.

Cons:

The 'workers' have the same privileges as the parent, so could for
example (assuming a badly written script allows for remote command
execution) write to some resource that would block the parent, such as
the accept lock or a predictable log file name, causing a DOS.

Use of a high port could allow another non-root process to block the
listener by opening it while the server is down.


Opinions? It's mainly a hypothetical question for now but later this
year I expect I'll need to consider it.

-- 
noodl

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
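
An added example, not part of the original message and not Apache httpd code: a Python audit of the two cons listed above, checking whether the listen port is unprivileged and whether the account the workers run as can write to files or directories the parent depends on. The names `can_write` and `audit` and the sample path are assumptions made for illustration; the check uses mode bits only and ignores ACLs.

```python
import os
import stat

def can_write(mode, owner, group, uid, gids):
    """Mode-bit write check for uid/gids (ACLs and capabilities are ignored)."""
    if uid == 0:
        return True
    if uid == owner:
        return bool(mode & stat.S_IWUSR)
    if group in gids:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)

def audit(worker_uid, worker_gids, listen_port, parent_paths):
    """Return (kind, target) findings for the two cons raised in the message."""
    findings = []
    # Ports >= 1024 need no privilege, so any local account can bind one first.
    if listen_port >= 1024:
        findings.append(("unprivileged-port", str(listen_port)))
    for path in parent_paths:
        directory = os.path.dirname(os.path.abspath(path))
        d = os.stat(directory)
        # A writable directory lets the worker create entries in it and
        # rename or unlink files it owns, which includes the parent's files
        # when both run under one uid.
        if can_write(d.st_mode, d.st_uid, d.st_gid, worker_uid, worker_gids):
            findings.append(("dir-writable", directory))
        try:
            f = os.lstat(path)  # lstat: report a symlink instead of following it
        except FileNotFoundError:
            continue
        if stat.S_ISLNK(f.st_mode):
            findings.append(("symlink", path))
        elif can_write(f.st_mode, f.st_uid, f.st_gid, worker_uid, worker_gids):
            findings.append(("file-writable", path))
    return findings

if __name__ == "__main__":
    # Hypothetical path; substitute the log and lock paths from your own configuration.
    for kind, target in audit(os.getuid(), os.getgroups(), 8080, ["/tmp/httpd-error.log"]):
        print(kind, target)
```

An empty result for the worker account means neither condition holds for the paths given; it says nothing about paths that were not listed.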

