Date: Fri, 2 Feb 2001 10:53:46 -0700 (MST) From: "David G. Andersen" <dga@pobox.com> To: mh@neonsky.net (Richard Ward) Cc: freebsd-security@FreeBSD.ORG Subject: Re: Apache uid/gid Message-ID: <200102021753.KAA24081@faith.cs.utah.edu> In-Reply-To: <001101c08d40$c6159360$0101a8c0@pavilion> from "Richard Ward" at Feb 02, 2001 12:50:21 PM
next in thread | previous in thread | raw e-mail | index | archive | help
The process running as root is the master process. Don't kill it,
don't step on it, it's doing what you want. It doesn't handle
requests; the non-root children do.
You're right, btw - this has nothing to do with FreeBSD security. :)
-Dave
Lo and behold, Richard Ward once said:
>
> I'm not too sure this has anything to do with actual FreeBSD security, though it has been on my mind for some time. I'm running Apache 1.3.12 and it's binding to user and group id "nobody". When I start apache with apachctl, it spawns the amount of daemons listed in httpd.conf, though one of those spawns are running as root. I can kill the process running as root and all is well.
>
> My question is: Is this a threat? Having this mystery process that's not binding to the correct uid/gid specified, does it defeat the whole purpose of binding Apache to it's own user/group?
>
> Thanks.
> --
> Richard Ward, CEO
> richard@neonsky.net
> Neonsky Internet Services
>
--
work: dga@lcs.mit.edu me: dga@pobox.com
MIT Laboratory for Computer Science http://www.angio.net/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200102021753.KAA24081>