On 06/17/2011 01:56 PM, Tim wrote: > Ed Greshko: >>> Depending on the type of web pages you serve you may find there to be a >>> buffer overflow vulnerability which gives an attacker a shell and allows >>> them to execute arbitrary commands as "apache". >>> >>> I smell "danger Will Robinson"! > Gary Stainburn: >> You do have a valid point, but this is a non-public low-risk server used for >> internal admin stuff. > Though that may lead to complacency, and someone may find a way to cause > you problems that you hadn't thought of. You are probably far better > finding a way to run your command as some other user, triggered by your > risky apache user. > > Generally, risky users are prevented from being able to run things for > good reasons; and you're best not to shred your security blankets for > the sake of convenience, now. > Thank you Ed, thank you Tim! I completely agree. Bad/risky practice can easily carry over at some point to the danger zone, and I think it's especially important to stress this view/point on mailing lists not that somebody later will think this is a solution to their problem, jeopardizing a productive system. -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
