httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject Re: [users@httpd] httpd folder is owned by root
Date Thu, 10 Jul 2008 18:08:49 GMT
VPN Cluster wrote:
> After successful compilation of Apache 2.2.9 , Apache folder on 
> /usr/lcoal/httpd is owned by root:root.
> 
> It should be owned by apache:apache. 

Never.  Absolutely not.  Anyone who compromises apache with an arbitrary
code execution exploit or uses any number of vulnerable scripts or even
untrusted content authors would be able to modify the installation of
Apache itself.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message