Re: an actual hacked machine, in a preserved state

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]




On Jan 5, 2012, at 11:13 PM, email builder wrote:
I don't mean to thread-hijack, but I'm curious, if apache runs as its
own non-root user and /etc/shadow is root-owned and 0400, then
how could any exploit of software not running as root ever have
access to that file??

To listen on the default port 80, httpd requires running as root. According to the Apache httpd site, the main httpd process continues running as root, with the child processes dropping privileges to the other user. See:
http://httpd.apache.org/docs/2.1/invoking.html

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux