Date: Fri, 22 Mar 2002 18:04:44 -0500
From: "Simon" <simon@optinet.com>
To: "Alastair D'Silva" <deece@newmillennium.net.au>, "Dave" <dave@hawk-systems.com>, "freebsd-isp@freebsd.org" <freebsd-isp@freebsd.org>
Subject: RE: Questions about Apache
Message-ID: <20020322225847.184A237B419@hub.freebsd.org>
In-Reply-To: <001c01c1d1f1$eda14fe0$3200a8c0@riker>

Do not run your HTTPS daemon as root.

On Sat, 23 Mar 2002 09:35:54 +1100, Alastair D'Silva wrote:

>I would argue the opposite, a script that is only executable by the
>webserver, and checks the UID of the user executing it (and possibly
>encrypting it with a reversible encryption based on something unique to
>the system such as the hostname, as well as parameters specified on the
>command line) is considerably more secure than simply leaving the key
>unencrypted.
>
>Consider the case when some random buffer overflow in your webserver
>allows an intruder to execute arbitrary code on the server. It is
>(obviously) trivial for them to retrieve the unencrypted key from the
>disk, as the web server user must be able to read it anyway. If it is
>encrypted, they must not only retrieve the key, but also determine which
>executable generates the pass phrase, determine what parameters are
>required to run it and finally run it, all without reading the
>executable itself to determine its structure.
>
>--
>Alastair D'Silva B. Sc. mob: 0413 485 733
>Networking Consultant
>New Millennium Networking http://www.newmillennium.net.au
>
>> -----Original Message-----
>> From: Dave [mailto:dave@hawk-systems.com]
>> Sent: Saturday, 23 March 2002 1:27 AM
>> To: Alastair D'Silva; 'Tyler'; freebsd-isp@freebsd.org
>> Subject: RE: Questions about Apache
>>
>>
>> Pay attention to the security warnings about this. You may
>> be better off not password protecting your key and letting
>> the file permissions (root read only) take care of the
>> security of it rather than having a password sitting in a
>> file somewhere waiting to be parsed. Either choice is really
>> dependent on how you have your security model set up.
>>
>> Dave
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-isp" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020322225847.184A237B419>
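
The two controls debated in this thread, restrictive file permissions on the private key versus passphrase-encrypting it, can both be audited mechanically. The following Python sketch is an added example and not part of the original message or of Apache; the function names and the PEM skeletons are constructed for illustration, and `expected_uid` defaults to root as in Dave's "root read only" suggestion.

```python
import os
import stat
import tempfile

# Constructed PEM skeletons (no real key material), one per storage choice.
PLAIN_PEM = "-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n"
ENCRYPTED_PEM = ("-----BEGIN RSA PRIVATE KEY-----\n"
                 "Proc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,0000000000000000\n\n"
                 "AAAA\n-----END RSA PRIVATE KEY-----\n")


def key_is_encrypted(pem_text):
    """True if the text carries OpenSSL's encrypted-key markers
    (traditional PEM header or PKCS#8 encrypted block)."""
    return ("Proc-Type: 4,ENCRYPTED" in pem_text
            or "-----BEGIN ENCRYPTED PRIVATE KEY-----" in pem_text)


def audit_key_file(path, expected_uid=0):
    """Return a list of findings about owner, mode and encryption."""
    findings = []
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    if st.st_uid != expected_uid:
        findings.append("owner: uid %d, expected %d" % (st.st_uid, expected_uid))
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("mode: group/other access (%04o)" % mode)
    with open(path, "r", errors="replace") as fh:
        if not key_is_encrypted(fh.read()):
            findings.append("unencrypted: permissions are the only barrier")
    return findings


def write_sample(pem_text, mode):
    """Write constructed PEM text to a temp file with the given mode."""
    fd, path = tempfile.mkstemp(suffix=".key")
    with os.fdopen(fd, "w") as fh:
        fh.write(pem_text)
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    me = os.getuid()  # the demo files are owned by the current user, not root
    for pem, mode in ((PLAIN_PEM, 0o644), (PLAIN_PEM, 0o400), (ENCRYPTED_PEM, 0o400)):
        sample = write_sample(pem, mode)
        print("%04o" % mode, audit_key_file(sample, expected_uid=me))
        os.remove(sample)
```
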