Date: Fri, 2 Feb 2001 12:56:42 -0500 From: "Richard Ward" <mh@neonsky.net> To: "David G. Andersen" <dga@pobox.com> Cc: <freebsd-security@FreeBSD.ORG> Subject: Re: Apache uid/gid Message-ID: <002701c08d41$810430a0$0101a8c0@pavilion> References: <200102021753.KAA24081@faith.cs.utah.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
It doesn't handle requests? That's something I didn't know. Thanks for shedding light on this, and sorry to those who are also saying "This has nothing to do with FreeBSD security". -- Richard Ward, CEO richard@neonsky.net Neonsky Internet Services ----- Original Message ----- From: David G. Andersen <dga@pobox.com> To: Richard Ward <mh@neonsky.net> Cc: <freebsd-security@FreeBSD.ORG> Sent: Friday, February 02, 2001 12:53 PM Subject: Re: Apache uid/gid > The process running as root is the master process. Don't kill it, > don't step on it, it's doing what you want. It doesn't handle > requests; the non-root children do. > > You're right, btw - this has nothing to do with FreeBSD security. :) > > -Dave > > Lo and behold, Richard Ward once said: > > > > I'm not too sure this has anything to do with actual FreeBSD security, though it has been on my mind for some time. I'm running Apache 1.3.12 and it's binding to user and group id "nobody". When I start apache with apachctl, it spawns the amount of daemons listed in httpd.conf, though one of those spawns are running as root. I can kill the process running as root and all is well. > > > > My question is: Is this a threat? Having this mystery process that's not binding to the correct uid/gid specified, does it defeat the whole purpose of binding Apache to it's own user/group? > > > > Thanks. > > -- > > Richard Ward, CEO > > richard@neonsky.net > > Neonsky Internet Services > > > > > -- > work: dga@lcs.mit.edu me: dga@pobox.com > MIT Laboratory for Computer Science http://www.angio.net/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?002701c08d41$810430a0$0101a8c0>