[4977] in WWW Security List Archive

home help back first fref pref prev next nref lref last post

Security issues in Apache?

daemon@ATHENA.MIT.EDU (Prentiss Riddle)
Fri Apr 4 10:26:58 1997

From: Prentiss Riddle <riddle@is.rice.edu>
To: rjc@n2k.com (Richard Costine)
Date: Fri, 4 Apr 1997 07:13:54 -0600 (CST)
Cc: www-security@ns2.rutgers.edu
In-Reply-To: <3343F9CA.2781E494@n2k.com> from "Richard Costine" at Apr 3, 97 02:41:14 pm
Errors-To: owner-www-security@ns2.rutgers.edu

> Date: Thu, 03 Apr 1997 14:41:14 -0400
> From: Richard Costine <rjc@n2k.com>
> To: jay@homecom.com
> Subject: Re: Prediction:Plug-ins will go away (Re: Automatic trojans)
> References: <199704010642.BAA24158@unix1.sysnet.net> <334151D0.265D@HomeCom.com> <334287F8.1F1A7590@n2k.com> <33429490.21DA@HomeCom.com>
> 
> Agreed. Sendmail is a beastie that should not be run as root on any
> system exposed to the 'net. (Along with Ichat, Apache and any other big,
> burly, and potentially security-hole-laden code).

Since this is the www-security list, you grabbed my attention with that
reference to Apache.

Could you post a short summary of what you know about security problems
with Apache?  And would you consider Apache to be less safe than NCSA
httpd?

And while you're at it, a security run-down on Ichat would be
appreciated as well.  (Perhaps that should go in a separate thread
with a different subject line.)

Thanks.

-- Prentiss Riddle ("aprendiz de todo, maestro de nada") riddle@rice.edu
-- RiceInfo Administrator, Rice University / http://is.rice.edu/~riddle

home help back first fref pref prev next nref lref last post