www-gui-dev mailing list archives

From Marc Slemko <ma...@znep.com>
Subject Re: An interface to Apache
Date Mon, 23 Jun 1997 18:15:43 GMT
On 23 Jun 1997 borud@guardian.no wrote:

> it should run as a different user than root AND a different user than
> the httpd it is supposed to configure.  if it runs as root it's just a
> question of time before someone severely compromises the machine.  (I
> know, I have cleaned up after several disasters of that flavor.)

Agreed.

> 
> the configuration server should under no circumstances run as root.
> the tasks you need to perform as root should be contained within
> separate programs suid that do _nothing_ else than, start, stop, or
> restart the server.
> they should be as simple as possible and as paranoid as possible.
> although I have great confidence in those who have written the Apache
> httpd code, httpd is simply too much code and it is close to
> impossible to be even remotely sure there is nothing that can be
> exploited within it.

The problem is that if you can modify the config files, then in most
setups (i.e. where Apache is started by root) you can get root.  As simple
as that.  Running the admin server as a non-root UID just adds another
step to the process of getting root.
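
The point above, that whoever can modify the config files of a root-started server can become root, turned into a check. This is an added example, not part of the original message or of Apache; the function name, the trusted uid/gid sets and the `stop_at` boundary are assumptions made for illustration.

```python
import os
import stat
import sys


def audit_config_path(path, trusted_uids=frozenset({0}),
                      trusted_gids=frozenset({0}), stop_at="/"):
    """Return (path, reason) for every component from `path` up to `stop_at`
    that an account outside the trusted sets could modify or replace.

    A writable parent directory is as bad as a writable file: the file can be
    renamed away and a new one put in its place.
    """
    findings = []
    current = os.path.realpath(path)      # resolve symlinks before walking up
    boundary = os.path.realpath(stop_at)
    while True:
        st = os.stat(current)
        if st.st_uid not in trusted_uids:
            findings.append((current, "owned by untrusted uid %d" % st.st_uid))
        if st.st_mode & stat.S_IWGRP and st.st_gid not in trusted_gids:
            findings.append((current, "writable by untrusted gid %d" % st.st_gid))
        if st.st_mode & stat.S_IWOTH:
            findings.append((current, "world-writable"))
        parent = os.path.dirname(current)
        if current == boundary or parent == current:
            break
        current = parent
    return findings


if __name__ == "__main__":
    # Usage: pass every file the root-started daemon reads at startup
    # (main config, included files, anything it executes).
    status = 0
    for arg in sys.argv[1:]:
        for where, reason in audit_config_path(arg):
            print("%s: %s" % (where, reason))
            status = 1
    sys.exit(status)
```

An empty result for every file the server reads as root means the admin server's account has no path to root through the configuration; any finding is the "another step" the message describes.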


