httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Francis Roy <li...@unimportantstuff.com>
Subject Re: [users@httpd] Apache permissions stabs new Linux user in face with icepick. Suggestions?
Date Thu, 10 Mar 2016 04:08:07 GMT
On 16-03-09 09:47 PM, Kurtis Rader wrote:
> On Wed, Mar 9, 2016 at 6:38 PM, Francis Roy <lists@unimportantstuff.com
> <mailto:lists@unimportantstuff.com>> wrote:
>
>     Thank you that answers my question quite nicely. It's not a giant
>     flag waving at the internet, but if someone got a hold of my machine
>     directly, it could provide a small bit of information used in a
>     general strategy.
>
>
> Just to be pedantic "they" don't have to get a hold of your machine
> directly. If the attacker can install software of their choosing, say by
> exploiting a vulnerability in your web server, then that software could
> exploit the looser permissions on your home directory. But that is moot
> given that you already had to grant the web server access to your home
> directory in order to support your requirements. The concern now is
> whether user accounts on your machine other than the one running the
> apache web server can exploit those looser permissions.

It's my personal, sole-user development machine tucked away behind a 
NAT. I just wanted to be sure that I wasn't doing the equivalent of 
opening up common ports.

By the way, can you recommend a good, practical Linux security forum or 
list? New OS means I have to learn new specifics and tricks.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message