Date: Wed, 20 Dec 2006 20:32:00 +0100 From: <jm-79@hotmail.com> To: Frank Steinborn <steinex@nognu.de> Cc: freebsd-apache@freebsd.org Subject: RE: apache root loader Message-ID: <BAY115-W62A6CDD9502F94043AACDEBCF0@phx.gbl>
next in thread | raw e-mail | index | archive | help
That Apache need root access to bind to port 80 is possible to go around by= using portacl and allow user www to bind to that port. I read up on the how the i= nit process works and it loads all conf files and then spawns childs that handle the rest. Bu= t i still wonder if that is the best way, is it not possible to gain root access since Apache has ro= ot privs to get root access with some exploit. I know it's not possible to go from child to moth= er so if it's like that it's not possible to get root but ... i just wonder :) ---------------------------------------- > Date: Wed, 20 Dec 2006 06:18:21 +0100 > From: steinex@nognu.de > To: jm-79@hotmail.com > CC: freebsd-apache@freebsd.org > Subject: Re: apache root loader >=20 > jm-79@hotmail.com wrote: > >=20 > > Hi, > >=20 > > I wonder how many of you that use apache just straight from ports. I di= d a apache port install and discovered now by suprise that of course apache= need root access to start. My question is how many of you guys has remove= d it if anyone have and why does no documents discuss this topic, is it ass= umed that this little root access can't do much harm so no need to make it = run 100% ass the www user. > >=20 > > Looking forward for some replies. > > Jake! >=20 > Apache will need root initially to bind to privileged port 80 > (remember, ports 1-1024 are reserved for root). However, it will drop > privileges and runs under uid 80 (www) then - assumed that you use the > port. >=20 > Frank=20 _________________________________________________________________ Prova Live.com - din snabba, personliga hemsida med allt du kan =F6nska dig= p=E5 ett enda st=E4lle. http://www.live.com/getstarted=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?BAY115-W62A6CDD9502F94043AACDEBCF0>