Bug#366124: apache2: should mark its listening socket close-on-exec

> AFAIK mod_php has no facility to change the uid, so it is no
> security issue: As long as the uid stays the same, the spawned
> process can ptrace the apache process and do anything it wants
> anyway.

FWIW, this is not true if the apache parent process runs as root. In
this case the child processes are treated specially because they used
to be privileged and therefore cannot be ptraced by normal
(non-root) processes.
Received on Sun Jul 22 14:26:54 2007
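
What the bug title asks for, marking the listening socket close-on-exec, shown as an added example that is not Apache code and not part of the original message. The helper names `make_listener` and `survives_exec` are hypothetical, and the check assumes a system with `/bin/sh` and `/dev/fd` (for example Linux).

```c
#include <fcntl.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed setup: TCP listener on 127.0.0.1; cloexec != 0 sets FD_CLOEXEC. */
int make_listener(int cloexec)
{
    struct sockaddr_in addr;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    memset(&addr, 0, sizeof addr);          /* port 0: kernel picks a free port */
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (bind(fd, (struct sockaddr *)&addr, sizeof addr) < 0 || listen(fd, 16) < 0)
        goto fail;
    if (cloexec && fcntl(fd, F_SETFD, FD_CLOEXEC) < 0)
        goto fail;
    return fd;
fail:
    close(fd);
    return -1;
}

/* fork + exec /bin/sh; returns 1 if fd is still open there, 0 if not, -1 on error. */
int survives_exec(int fd)
{
    char cmd[64];
    int status;
    pid_t pid;
    snprintf(cmd, sizeof cmd, "[ -e /dev/fd/%d ]", fd);
    if (fd < 0 || (pid = fork()) < 0)
        return -1;
    if (pid == 0) {
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127);                         /* exec itself failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status) == 0 ? 1 : WEXITSTATUS(status) == 1 ? 0 : -1;
}

int main(void)
{
    printf("plain=%d cloexec=%d\n", survives_exec(make_listener(0)), survives_exec(make_listener(1)));
}
```

The descriptor without the flag is still open in the exec'd shell, while the flagged one is closed by the kernel at `exec` time, so a spawned program never receives the listener.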
This archive was generated by hypermail 2.1.8 : Thu Aug 09 2007 - 19:06:06 EDT