Re: Need help in getting apache to run in a non-root account

On Feb 9, 2008 10:40 PM, sudhakar govindavajhala
<sudhakarg79spam@xxxxxxxxx> wrote:

> >
> > Apache is a pre-forking server. It keeps a pool of processes available
> > to serve incoming requests and therefore doesn't need to start new
> > processes for each new connection. As your process listing shows, all
> > processes except the master (control) process are running as user
> > "apache", not as root. These are the processes that do the actual
> > serving.
>
>
>
> SG: What is a pre-forking server? How can I confirm that it is the worker
> threads that are serving the request and not the master process? I am a little
> bit uneasy that the master is running as root, I am connecting to a port
> held by the master, and somehow the worker processes are serving the
> requests. Since I am connecting to a port held by a master, and since
> master is running as root, my root account becomes vulnerable to a potential
> buffer overflow security problem.

The remainder of my paragraph above describes what I mean by
"pre-forking": A pool of processes is pre-forked and then a process
from that pool is allocated each time a new connection comes in.

As far as confirming that only the child processes do the serving, you
have a number of options:

1. Apache is open-source, so you can just read the code.

2. You can attach to the different processes with a debugger and
observe what they are doing.

3. You can use the server-status display (see mod_status) to observe
which processes serve requests.

Although root does open the port, it hands off the open file
descriptor to the children who then take care of all the processing.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
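
The hand-off described in the message above, as an added example that is not part of the original post and is not Apache source code: a master opens the listening socket, a worker forked in advance inherits the descriptor, drops root if it holds it, and is the process that answers the client. The names `worker`, `served_by_worker` and `UNPRIV_ID` (65534) are assumptions for illustration, and the demo listens on a loopback ephemeral port rather than port 80 so it runs without root.

```c
/* Added illustration of the pre-fork model; not Apache source code. */
#include <arpa/inet.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <sys/wait.h>
#include <unistd.h>

#define UNPRIV_ID 65534 /* assumption: "nobody"; Apache takes this from User/Group */

/* Worker: inherits the listening fd, drops root if held, then handles the client.
   A production server also clears supplementary groups before setgid/setuid. */
static void worker(int lfd) {
    char msg[32];
    if (geteuid() == 0 && (setgid(UNPRIV_ID) != 0 || setuid(UNPRIV_ID) != 0)) _exit(1);
    int c = accept(lfd, NULL, NULL);
    int n = snprintf(msg, sizeof msg, "%ld", (long)getpid());
    _exit(c >= 0 && write(c, msg, (size_t)n) == n ? 0 : 1);
}

/* Returns 1 if the reply came from the forked worker, 0 if not, -1 on setup error.
   The calling process plays the master and, for the demo only, the client too. */
int served_by_worker(void) {
    struct sockaddr_in a = {0};
    struct timeval tv = {5, 0};
    socklen_t len = sizeof a;
    char buf[32] = {0};
    int lfd = socket(AF_INET, SOCK_STREAM, 0), c = socket(AF_INET, SOCK_STREAM, 0);
    a.sin_family = AF_INET;
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK); /* port 0: ephemeral, no root needed */
    if (lfd < 0 || c < 0 || bind(lfd, (struct sockaddr *)&a, len) < 0 ||
        listen(lfd, 8) < 0 || getsockname(lfd, (struct sockaddr *)&a, &len) < 0) return -1;
    pid_t child = fork(); /* pre-fork: the worker exists before any client connects */
    if (child < 0) return -1;
    if (child == 0) { close(c); worker(lfd); }
    setsockopt(c, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv); /* never hang the demo */
    if (connect(c, (struct sockaddr *)&a, len) == 0 && read(c, buf, sizeof buf - 1) < 0) buf[0] = '\0';
    kill(child, SIGKILL); /* harmless if the worker has already exited */
    waitpid(child, NULL, 0);
    close(c); close(lfd);
    return buf[0] != '\0' && atol(buf) == (long)child; /* master never called accept() */
}

int main(void) {
    printf("served by worker: %d\n", served_by_worker());
    return 0;
}
```

The master in this sketch never calls `accept()`, so no client bytes are parsed in the process that opened the port.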

