Date: Fri, 2 Feb 2001 12:56:42 -0500
From: "Richard Ward" <mh@neonsky.net>
To: "David G. Andersen" <dga@pobox.com>
Cc: <freebsd-security@FreeBSD.ORG>
Subject: Re: Apache uid/gid
Message-ID: <002701c08d41$810430a0$0101a8c0@pavilion>
References: <200102021753.KAA24081@faith.cs.utah.edu>

It doesn't handle requests? That's something I didn't know. Thanks for shedding light on this, and sorry to those who are also saying "This has nothing to do with FreeBSD security".

--
Richard Ward, CEO
richard@neonsky.net
Neonsky Internet Services

----- Original Message -----
From: David G. Andersen <dga@pobox.com>
To: Richard Ward <mh@neonsky.net>
Cc: <freebsd-security@FreeBSD.ORG>
Sent: Friday, February 02, 2001 12:53 PM
Subject: Re: Apache uid/gid

> The process running as root is the master process. Don't kill it,
> don't step on it, it's doing what you want. It doesn't handle
> requests; the non-root children do.
>
> You're right, btw - this has nothing to do with FreeBSD security. :)
>
> -Dave
>
> Lo and behold, Richard Ward once said:
> >
> > I'm not too sure this has anything to do with actual FreeBSD security, though it has been on my mind for some time. I'm running Apache 1.3.12 and it's binding to user and group id "nobody". When I start apache with apachectl, it spawns the amount of daemons listed in httpd.conf, though one of those spawns is running as root. I can kill the process running as root and all is well.
> >
> > My question is: Is this a threat? Having this mystery process that's not binding to the correct uid/gid specified, does it defeat the whole purpose of binding Apache to its own user/group?
> >
> > Thanks.
> > --
> > Richard Ward, CEO
> > richard@neonsky.net
> > Neonsky Internet Services
> >
>
>
> --
> work: dga@lcs.mit.edu                          me: dga@pobox.com
> MIT Laboratory for Computer Science            http://www.angio.net/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
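
The layout described in the reply above (one root-owned master that handles no requests, non-root children that do) can be checked from a process listing. This is an added example, not part of the original thread; the `httpd` process name, the `ps -axo pid,ppid,user,comm` column layout and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Audit Apache process ownership: the master may run as root, but any
# request-handling child (an httpd whose parent is also httpd) must run
# as the unprivileged user configured in httpd.conf.

# Constructed sample in the assumed `ps -axo pid,ppid,user,comm` layout.
sample_ps() {
cat <<'EOF'
  PID  PPID USER   COMMAND
  312     1 root   httpd
  315   312 nobody httpd
  316   312 nobody httpd
  317   312 nobody httpd
  401     1 root   sshd
EOF
}

# audit_httpd EXPECTED_USER  (reads the listing on stdin)
# Exit status 0 if every worker runs as EXPECTED_USER, 1 otherwise.
audit_httpd() {
  awk -v want="${1:-nobody}" '
    $1 !~ /^[0-9]+$/ || $4 != "httpd" { next }   # skip header and other programs
    { user[$1] = $3; ppid[$1] = $2 }
    END {
      for (p in user) {
        if (ppid[p] in user) {                    # parent is httpd: a worker
          workers++
          if (user[p] != want) {
            printf "ALERT pid %s: worker runs as %s, expected %s\n", p, user[p], want
            bad++
          }
        } else {                                  # parent is not httpd: the master
          masters++
          printf "master pid %s runs as %s\n", p, user[p]
        }
      }
      printf "masters=%d workers=%d violations=%d\n", masters, workers, bad
      exit (bad > 0)
    }'
}

# Stand-alone run against the constructed sample; on a live host use:
#   ps -axo pid,ppid,user,comm | audit_httpd nobody
sample_ps | audit_httpd nobody
```

A root-owned master is reported but not flagged; only a child still running as root counts as a violation, since the children are the processes that handle requests.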