From: jm-79@hotmail.com
To: Frank Steinborn
Cc: freebsd-apache@freebsd.org
Date: Wed, 20 Dec 2006 20:32:00 +0100
Subject: RE: apache root loader

That Apache needs root access to bind to port 80 is possible to get
around by using portacl and allowing user www to bind to that port. I
read up on how the init process works: it loads all conf files and then
spawns children that handle the rest. But I still wonder if that is the
best way; is it not possible, since Apache has root privs, to get root
access with some exploit? I know it's not possible to go from child to
mother, so if it's like that it's not possible to get root, but ...
I just wonder :)

----------------------------------------
> Date: Wed, 20 Dec 2006 06:18:21 +0100
> From: steinex@nognu.de
> To: jm-79@hotmail.com
> CC: freebsd-apache@freebsd.org
> Subject: Re: apache root loader
>
> jm-79@hotmail.com wrote:
> >
> > Hi,
> >
> > I wonder how many of you use apache just straight from ports. I did
> > an apache port install and discovered now, by surprise, that of
> > course apache needs root access to start. My question is how many of
> > you guys have removed it, if anyone has, and why do no documents
> > discuss this topic? Is it assumed that this little root access can't
> > do much harm, so there is no need to make it run 100% as the www
> > user?
> >
> > Looking forward to some replies.
> > Jake!
>
> Apache will need root initially to bind to privileged port 80
> (remember, ports 1-1024 are reserved for root). However, it will drop
> privileges and run under uid 80 (www) then - assuming that you use the
> port.
>
> Frank