httpd-users mailing list archives

From Tom Evans <>
Subject Re: [users@httpd] How to start Apache automatically with certificate?
Date Thu, 04 Sep 2008 14:55:33 GMT
On Wed, 2008-09-03 at 12:12 -0400, Joseph S D Yao wrote:
> Doing everything as root is just plain bad security.  Plan around it.

Doing everything as root IS bad, and I don't think a single person has
suggested it. What they have suggested is having apache started by root
to allow it to acquire privileged resources, such as keys, sockets, log
file handles etc, before dropping privileges.
They've also suggested that their conf files be owned by root, and only
readable by the apache user, which you also disagree with.

Both of these arguments are eminently correct, and your disagreements to
them are just plain wrong. 
If you do not start apache as root and then drop privileges, it means
that any resources required to start their server will be accessible by
the web server. This in turn means that if any exploit is found and
exposed in your server, the attacker would have the means to truncate
your log files (covering tracks) and impersonate your server in SSL
transactions - effectively do a man in the middle attack.

If the server's conf file is not owned by root, then generally that is
okay, as long as it is not writable by the user running apache. I would
personally still have it owned by root.

Your security advice, from what I've seen, is at best misinformed, and
at worst it is negligent. I urge anyone reading this thread to check
some reputable sources before implementing any of Joseph's suggestions.
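
The ownership rules argued for in the message above can be checked mechanically. The following is an added example, not part of the original message or of Apache itself: it assumes classic Unix owner/group/other mode bits (ACLs ignored), and the resource kinds, the `ALLOWED` policy table and the uid/gid values used with it are constructed for illustration.

```python
import os
import stat

# Policy taken from the message: the unprivileged worker identity must not be
# able to read or write the private key, must not write the conf file, and
# must not write (truncate) the logs. Root opens all of these before the drop.
ALLOWED = {"key": set(), "conf": {"r"}, "log": {"r"}}

def worker_access(st_uid, st_gid, st_mode, worker_uid, worker_gids):
    """Rights ('r'/'w') the worker has on a file, from its uid, gid and mode bits."""
    if worker_uid == 0:
        return {"r", "w"}            # privileges were never dropped
    if st_uid == worker_uid:
        r_bit, w_bit = stat.S_IRUSR, stat.S_IWUSR
    elif st_gid in worker_gids:
        r_bit, w_bit = stat.S_IRGRP, stat.S_IWGRP
    else:
        r_bit, w_bit = stat.S_IROTH, stat.S_IWOTH
    rights = set()
    if st_mode & r_bit:
        rights.add("r")
    if st_mode & w_bit:
        rights.add("w")
    return rights

def findings(kind, rights, dir_rights=frozenset()):
    """Rights that exceed the policy for this kind of resource."""
    names = {"r": "read", "w": "write"}
    out = [f"worker can {names[x]} {kind} file"
           for x in sorted(rights - ALLOWED[kind])]
    if "w" in dir_rights:
        # A writable parent directory can allow the file to be replaced.
        out.append(f"parent directory of {kind} file is writable by worker")
    return out

def audit_path(path, kind, worker_uid, worker_gids):
    """Stat a real file and its parent directory, then apply the policy."""
    st = os.stat(path)
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    return findings(
        kind,
        worker_access(st.st_uid, st.st_gid, st.st_mode, worker_uid, worker_gids),
        worker_access(parent.st_uid, parent.st_gid, parent.st_mode,
                      worker_uid, worker_gids),
    )
```

Call `audit_path` with the numeric uid and group ids of the account the server runs as after dropping privileges; an empty list means the file matches the policy.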


