-----Message d'origine----- >De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de Joshua Slive >Envoyé : jeudi 8 novembre 2007 14:56 >À : users@httpd.apache.org >Objet : Re: [EMAIL PROTECTED] apache as non-root > >On Nov 8, 2007 7:11 AM, Axel-Stephane SMORGRAV <[EMAIL PROTECTED]> wrote: >> Whether Apache is started with sudo or is suid root, anyone able start an >> Apache instance with the configuration of his/her choice can do bad things >> on the server. > >No, if apache is started with normal user privileges, it can't do harm beyond >the privileges of that user. By setting apache suid root, anyone on your >system can obtain complete root access by using the -f flag to specify a >config file. (I won't give specifics of what you need to put in the config >file, but it is quite easy for anyone with some apache knowledge.)
Well, Joshua, that was basically what I was trying to say. If Apache is started with root privileges (whether sudo or setuid) with a carefully crafted configuration, bad things can happen. So the question is rather whether you can entrust some or all legitimate non-root users of the host with the ability to start Apache with root privileges so it can bind to reserved ports, and in that case how you choose to do so. -ascs --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
