Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!news.rmit.EDU.AU!news.unimelb.EDU.AU!munnari.OZ.AU!news.mel.connect.com.au!news.mira.net.au!vic.news.telstra.net!act.news.telstra.net!psgrain!usenet.eel.ufl.edu!newsfeed.internetmci.com!howland.reston.ans.net!Germany.EU.net!Dortmund.Germany.EU.net!interface-business.de!usenet From: j@ida.interface-business.de (J Wunsch) Newsgroups: comp.unix.bsd.bsdi.misc Subject: Re: revoking root privledges from httpd Date: 14 Jun 1996 08:48:51 GMT Organization: interface business GmbH, Dresden Lines: 26 Message-ID: <4pr91j$73r@innocence.interface-business.de> References: <31BC1070.E88@atlanticfoods.com> <4pm0bp$91v@innocence.interface-business.de> <4pn78n$3nl@moon.igcom.net> Reply-To: joerg_wunsch@interface-business.de (Joerg Wunsch) NNTP-Posting-Host: ida.interface-business.de X-Newsreader: knews 0.9.6 X-Phone: +49-351-31809-14 X-Fax: +49-351-3361187 X-PGP-Fingerprint: DC 47 E6 E4 FF A6 E9 8F 93 21 E0 7D F9 12 D6 4E david@terra.igcom.net (David B. Bauman) wrote: > : > I've heard that it's a BAD thing to run httpd while SUID. Granted I > : > need SUID to grab port 80, but how do I then revoke SU status from the > : > daemon? > > : A correctly written httpd does this for you. > Perhaps you can elaborate? I have a correctly written httpd (apache) > and all the process change ownerships once the httpd runs. However, > the first httpd process stays owned by root. This makes it hard for That's okay, and i don't think it's a real security hole (which i thought your original question was about). > my dedicated www clients to kill -HUP their deamon. How should the clients (that access the server across the network) send a signal to their daemon anyway? What it is for? (A client cannot modify the daemon's config file, so why do you even want to send a sighup?) -- J"org Wunsch Unix support engineer joerg_wunsch@interface-business.de http://www.interface-business.de/~j