On Wed, 11 Apr 2001 07:52:43 -0700 (PDT), you wrote:
>Thank you for your answers. I think I was not clear
>enough in my question. I not only start Apache as
>root, but I run it in such a way that the little
>httpd processes that are generally listed as belonging
>to nobody are also running as root. This is an
>unusual way to run Apache and requires that
>"BIG_SECURITY_HOLE" be specified when I compile
>Apache.
>(http://dev.apache.org/apidoc/apidoc_BIG_SECURITY_HOLE.html)
>
>Thank you for the suggestion to Disallow user created
>.htaccess lists, we do have users on this server.
>
>I am still curious if I would be safer if I moved the
>part of the module that needs to be run as root to a
>program that was external to Apache, but which
>communicated with Apache via a pipe. Is the danger
>having anything running as root on the server, or just
>having the apache child processes running as root?

Some Apache features in 2.0 are implemented this way, in fact: cgid,
for example. (And the old NIS+ authentication support I wrote a few
years ago, although that's not public.) A fair amount of effort went
into making sure that was securely done, of course...

Short answer: keep Apache running as nobody, put the root stuff into a
process of its own. Ideally, drop root privileges from it as well
ASAP, although of course that may not be possible; chroot and/or
capability restrictions would also be a good idea, if possible.

James.
_______________________________________________
techtalk mailing list
[EMAIL PROTECTED]
http://www.linux.org.uk/mailman/listinfo/techtalk
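
The split described in the reply above, as an added example (not code from the original message or from Apache): a helper process behind a socketpair that gives up root before it reads anything from the server side and accepts only one narrow request format. The `LOOKUP <name>` format, the function names and the uid/gid 65534 for `nobody` are assumptions.

```c
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Give up root for good: groups, gid, then uid; then confirm root cannot
   be regained. Returns 0 on success (or if already unprivileged). */
int drop_privileges(uid_t uid, gid_t gid) {
    if (geteuid() != 0) return 0;
    if (setgroups(0, NULL) || setgid(gid) || setuid(uid)) return -1;
    return setuid(0) == 0 ? -1 : 0;
}

/* The web server is untrusted: accept only "LOOKUP <name>" (hypothetical
   request format), where name is 1..32 characters of [a-z0-9_]. */
int request_allowed(const char *req) {
    if (strncmp(req, "LOOKUP ", 7) != 0) return 0;
    size_t n = strspn(req + 7, "abcdefghijklmnopqrstuvwxyz0123456789_");
    return n >= 1 && n <= 32 && req[7 + n] == '\0';
}

/* Fork the helper, send one request, store its reply in out.
   Returns the reply length, or -1 on error. */
int ask_helper(const char *req, char *out, size_t outlen) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(sv[0]); close(sv[1]); return -1; }
    if (pid == 0) {                          /* helper process */
        char buf[64] = {0};
        close(sv[0]);
        /* root-only setup goes before this; 65534 = assumed "nobody" ids */
        if (drop_privileges(65534, 65534) != 0) _exit(1);
        ssize_t got = read(sv[1], buf, sizeof buf - 1);
        const char *reply = (got > 0 && request_allowed(buf)) ? "OK" : "DENY";
        _exit(write(sv[1], reply, strlen(reply)) < 0);
    }
    close(sv[1]);
    ssize_t n = send(sv[0], req, strlen(req), MSG_NOSIGNAL);
    shutdown(sv[0], SHUT_WR);                /* helper sees EOF after request */
    if (n >= 0) n = read(sv[0], out, outlen - 1);
    out[n > 0 ? n : 0] = '\0';
    close(sv[0]);
    waitpid(pid, NULL, 0);
    return (int)n;
}

int main(void) { char r[8]; ask_helper("LOOKUP alice", r, sizeof r); puts(r); return 0; }
```

If the helper cannot drop privileges it exits without serving the request, so the caller gets an empty reply rather than an answer from a process still running as root.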