Implications of starting apache as non-root

Hi,

Assuming that the option to do so is available, is it any more or less
secure to start the parent process as non-root?

For example, say apache is running a single application behind a load
balancer so the port number doesn't matter.

Pros:

There's no chance that a security hole could lead to root-level
privilege escalation (or similar, like the recent discussion about
the parent sending signals to the wrong processes).

There's no need for root level access at any point in the lifetime of
the server, so for example holes in startup scripts will be mitigated.

Cons:

The 'workers' have the same privileges as the parent, so could for
example (assuming a badly written script allows for remote command
execution) write to some resource that would block the parent, such as
the accept lock or a predictable log file name, causing a DOS.

Use of a high port could allow another non-root process to block the
listener by opening it while the server is down.


Opinions? It's mainly a hypothetical question for now but later this
year I expect I'll need to consider it.

-- 
noodl

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
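
The two cons raised in the post above (a high port that any local process can bind, and files that workers sharing the parent's uid can write), as an added Python preflight check that is not part of the original post or of Apache itself. The holder socket, the `accept.lock` and `access_log` file names and all function names are constructed for illustration.

```python
import errno
import os
import socket
import tempfile


def port_state(port, host="127.0.0.1"):
    """Classify a TCP listen port as 'free', 'in-use' or 'needs-privilege'."""
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        probe.bind((host, port))
        return "free"
    except OSError as exc:
        if exc.errno == errno.EADDRINUSE:
            return "in-use"          # someone else already holds the listener
        if exc.errno in (errno.EACCES, errno.EPERM):
            return "needs-privilege"  # low port, caller may not bind it
        raise
    finally:
        probe.close()


def same_uid_writable(paths):
    """Paths the current uid can write (or create, if missing)."""
    hits = []
    for path in paths:
        target = path if os.path.exists(path) else (os.path.dirname(path) or ".")
        if os.access(target, os.W_OK):
            hits.append(path)
    return hits


def demo():
    # Constructed stand-in for another unprivileged local process holding a high port.
    holder = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    holder.bind(("127.0.0.1", 0))  # kernel picks a free unprivileged port
    holder.listen(1)
    port = holder.getsockname()[1]
    while_held = port_state(port)
    holder.close()
    after_release = port_state(port)
    with tempfile.TemporaryDirectory() as tmp:
        lock = os.path.join(tmp, "accept.lock")  # hypothetical lock file name
        log = os.path.join(tmp, "access_log")    # hypothetical log file name
        open(log, "w").close()
        writable = [os.path.basename(p) for p in same_uid_writable([lock, log])]
    return port, while_held, after_release, writable


if __name__ == "__main__":
    print(demo())
```

Run as the account the server would use: an `in-use` result before startup means the listener is already taken, and every path returned by `same_uid_writable` is one a worker under that same uid could also modify.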