[255] in WWW Security List Archive
Re: Secure W3 Server
daemon@ATHENA.MIT.EDU (David Miller)
Tue Dec 13 12:12:12 1994
Date: Tue, 13 Dec 1994 09:40:00 -0500 (EST)
From: David Miller <isdmill@gatekeeper.ddp.state.me.us>
To: hharamis@cohesive.com
cc: www-security@ns1.rutgers.edu
In-Reply-To: <eed4adc0@nts-1.cohesive.com>
Reply-To: David Miller <isdmill@gatekeeper.ddp.state.me.us>
On Mon, 12 Dec 1994 hharamis@cohesive.com wrote:
> Hello,
>
> Does anybody have an opinion on which public domain w3 server is
> most secure? A lot of people talk about the fact that some of these
> servers are large in size. Sounds to me like the old sendmail problem.
>
> Thanks in advance,
>
> Harry Haramis
> hharamis@cohesive.com
>
I don't doubt that the httpd servers have bugs which can be exploited in
some fashion. However, I would expect the damage to be more localized to
the www server system, not the entire system. Sendmail needs to run suid
root to do all the whiz-bang stuff it's famous for, and that means that
once you find a bug you have root privileges. Httpd servers run very
nicely as user httpd so the damage can be more easily contained.
My $.02 worth:)
----------------------------------------------------------------------------
It's *amazing* what one can accomplish when
one doesn't know what one can't do!