From: Andrew Barros
To: Richard Ward
Cc: "David G. Andersen", freebsd-security@FreeBSD.ORG
Subject: Re: Apache uid/gid
Date: Fri, 2 Feb 2001 14:30:55 -0500
Message-ID: <20010202143055.A20054@tjhsst.edu>
In-Reply-To: <002701c08d41$810430a0$0101a8c0@pavilion>
References: <200102021753.KAA24081@faith.cs.utah.edu> <002701c08d41$810430a0$0101a8c0@pavilion>

You need to be root to open ports lower than 1024. This root-owned process only opens the port, reads config files, and spawns children (with the correct uid).

-ajb

On Fri, Feb 02, 2001 at 12:56:42PM -0500, Richard Ward wrote:
> It doesn't handle requests? That's something I didn't know. Thanks for shedding light on this, and sorry to those who are also saying "This has nothing to do with FreeBSD security".
> --
> Richard Ward, CEO
> richard@neonsky.net
> Neonsky Internet Services
>
> ----- Original Message -----
> From: David G. Andersen
> To: Richard Ward
> Cc:
> Sent: Friday, February 02, 2001 12:53 PM
> Subject: Re: Apache uid/gid
>
>> The process running as root is the master process. Don't kill it,
>> don't step on it, it's doing what you want. It doesn't handle
>> requests; the non-root children do.
>>
>> You're right, btw - this has nothing to do with FreeBSD security. :)
>>
>> -Dave
>>
>> Lo and behold, Richard Ward once said:
>> >
>> > I'm not too sure this has anything to do with actual FreeBSD security, though it has been on my mind for some time. I'm running Apache 1.3.12 and it's binding to user and group id "nobody". When I start apache with apachectl, it spawns the number of daemons listed in httpd.conf, though one of those spawns is running as root. I can kill the process running as root and all is well.
>> >
>> > My question is: Is this a threat? Having this mystery process that's not binding to the correct uid/gid specified, does it defeat the whole purpose of binding Apache to its own user/group?
>> >
>> > Thanks.
>> > --
>> > Richard Ward, CEO
>> > richard@neonsky.net
>> > Neonsky Internet Services
>> >
>>
>>
>> --
>> work: dga@lcs.mit.edu me: dga@pobox.com
>> MIT Laboratory for Computer Science http://www.angio.net/
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
---end quoted text---

--
Andrew Barros
PGP Key Fingerprint: D3B8 0800 C45A 143E 5CF0 E112 0A1B AB36 B655 1FB8
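Added example, not part of this thread or of Apache's own code: a minimal Python sketch of the privilege model Andrew and Dave describe (a root parent binds the listener, workers switch to the configured uid/gid before they ever accept a connection), plus the check a defender wants, that the drop is irreversible. Only the user name "nobody" comes from the thread; the function names, the loopback address and the one-request worker are my own assumptions.

```python
import os, pwd, socket

def drop_privileges(uid, gid):
    """Switch to uid/gid; True only if it took effect and cannot be undone."""
    if os.getuid() == 0:
        os.setgroups([])   # setgid() does not clear supplementary groups
    os.setgid(gid)         # gid first: after setuid() it could not be changed
    os.setuid(uid)
    if os.getuid() != uid or os.getgid() != gid:
        return False
    if uid == 0:
        return True        # caller asked to stay root; nothing to verify
    try:
        os.setuid(0)
    except PermissionError:
        return True
    return False           # regained root: the drop was ineffective

def bind_listener(port):
    """Root parent's only privileged step; port 0 picks a free port for tests."""
    lst = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    lst.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    lst.bind(("127.0.0.1", port))
    lst.listen(4)
    return lst

def spawn_worker(lst, uid, gid):
    """Fork a child that drops root before accept(); returns its pid."""
    pid = os.fork()
    if pid:
        return pid
    if not drop_privileges(uid, gid):
        os._exit(1)        # refuse to serve with root still reachable
    conn, _ = lst.accept()
    conn.sendall(b"HTTP/1.0 200 OK\r\n\r\nserved by uid %d\n" % os.getuid())
    conn.close()
    os._exit(0)

def current_ids():
    return os.getuid(), os.getgid()

def demo_round_trip(port=0, user=None):
    """Bind, fork one worker, connect as a client; user=None runs unprivileged."""
    uid, gid = current_ids() if user is None else pwd.getpwnam(user)[2:4]
    lst = bind_listener(port)
    pid = spawn_worker(lst, uid, gid)
    with socket.create_connection(lst.getsockname(), timeout=5) as c:
        reply = c.recv(256)
    lst.close()
    return reply if os.waitpid(pid, 0)[1] == 0 else b""
```

Run as root with `demo_round_trip(80, "nobody")` to reproduce the thread's setup: the parent stays root, the reply reports nobody's uid.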