[5009] in WWW Security List Archive


Re: Security issues in Apache?

daemon@ATHENA.MIT.EDU (Kevin J. Dyer)
Wed Apr 9 19:58:03 1997

Date: Wed, 09 Apr 1997 16:36:24 -0400
From: kdyer@draper.com (Kevin J. Dyer)
In-reply-to: Ben Laurie <ben@gonzo.ben.algroup.co.uk>
 <"Re: Security issues in Apache?"@mb2.draper.com> (Apr 9, 1:13pm)
To: ben@algroup.co.uk, Christopher Petrilli <petrilli@amber.org>
Cc: riddle@is.rice.edu, rjc@n2k.com, www-security@ns2.rutgers.edu
Reply-to: kdyer@draper.com
Errors-To: owner-www-security@ns2.rutgers.edu

On Apr 9,  1:13pm, Ben Laurie wrote:
> Subject: Re: Security issues in Apache?
> Christopher Petrilli wrote:
> > Apache is definitely not "less safe" than NCSA, but nor is it necessarily
> > more safe.  It does seem to have a more active base of developers, but
> > whether that is good or bad is something else entirely.
> >
> > If you're running it, I would recommend you run an absolute minimal
> > server on port 80, and run the rest on a totally untrusted port, like
> > 8080, thereby eliminating the need to even start the server as root.  This
> > would at least restrict the damage that could be done.
>
> Apache runs a single process as root, which opens the port and then becomes
> another user, then forks the listening processes. The root process never
> interacts with the network, and its interaction with the other processes is
> limited to counting, killing and creating them. So, I can't really see what
> this precaution buys you.
>
> Cheers,
>
> Ben.
>
[snip] Sorry Ben
>-- End of excerpt from Ben Laurie

In addition I've run into sites which block all non-standard ports.  I'm not
saying this is right or wrong, but you may be closing yourself off to a large
portion of your current client base.

					Just my $0.02

--
=============================================================================
Kevin J. Dyer					Draper Laboratory  MS 23.
Email: <kdyer@draper.com>		        555 Tech. Sq.
Phone: 617-258-4962				Cambridge, MA 02139
FAX: 617-258-2121
-----------------------------------------------------------------------------
   "Beware Geeks bearing GIFs"    Author Unknown
=============================================================================
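[Editor's note] The privilege-separation scheme Ben describes above (a root parent that holds the privileged listener and only counts, kills and creates children, while the children drop to an unprivileged user before ever calling accept()) is shown below as an added example. This is illustrative code written for this archive page, not Apache's own source; the account name "nobody", the worker count of 4, the loopback bind address and the fixed HTTP reply are assumptions. Run it as root with a port argument (default 80) to see the pattern; the worker's drop_privileges() refuses to continue if the drop did not actually stick, which is the check a practitioner wants whenever a process starts as root.

```c
#define _DEFAULT_SOURCE
/* Added example: root parent binds the port, workers drop privileges
   before touching the network. Not Apache's code. */
#include <errno.h>
#include <grp.h>
#include <netinet/in.h>
#include <pwd.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Bind a TCP listener on loopback:`port` (0 = kernel picks an ephemeral,
   unprivileged port). Needs root only when port < 1024.
   Returns the listening fd, or -1 with errno set. */
int bind_listener(int port) {
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    int one = 1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);   /* assumed: loopback only */
    sa.sin_port = htons((uint16_t)port);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, 16) < 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    return fd;
}

/* Report the port a listener actually got (useful when port 0 was asked for). */
int listener_port(int fd) {
    struct sockaddr_in sa;
    socklen_t len = sizeof sa;
    if (getsockname(fd, (struct sockaddr *)&sa, &len) < 0) return -1;
    return ntohs(sa.sin_port);
}

/* Drop to uid/gid irreversibly. Order matters: supplementary groups and
   gid must go before uid, because once uid is unprivileged the other two
   calls would fail with EPERM. Returns 0 only if the drop is verified. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (geteuid() == 0 && setgroups(0, NULL) < 0) return -1; /* root-only call */
    if (setgid(gid) < 0) return -1;
    if (setuid(uid) < 0) return -1;
    if (getuid() != uid || geteuid() != uid || getgid() != gid) return -1;
    /* If we came from root, make sure root cannot be regained. */
    if (uid != 0 && setuid(0) == 0) return -1;
    return 0;
}

/* Worker: drops root first, then serves. Stand-in for the request handler. */
static void worker_main(int listen_fd, uid_t uid, gid_t gid) {
    if (drop_privileges(uid, gid) < 0) { perror("drop_privileges"); _exit(1); }
    for (;;) {
        int c = accept(listen_fd, NULL, NULL);
        if (c < 0) { if (errno == EINTR) continue; _exit(1); }
        static const char reply[] = "HTTP/1.0 200 OK\r\nContent-Length: 3\r\n\r\nok\n";
        (void)write(c, reply, sizeof reply - 1);
        close(c);
    }
}

/* Parent: stays root to hold the privileged listener, never calls accept().
   Its whole job is counting, reaping and respawning workers. */
static int supervise(int listen_fd, int nworkers, uid_t uid, gid_t gid) {
    int alive = 0;
    for (;;) {
        while (alive < nworkers) {
            pid_t pid = fork();
            if (pid < 0) return -1;
            if (pid == 0) worker_main(listen_fd, uid, gid);  /* never returns */
            alive++;
        }
        int status;
        if (waitpid(-1, &status, 0) > 0) alive--;   /* a worker died; loop respawns it */
        else if (errno != EINTR) return -1;
    }
}

int main(int argc, char **argv) {
    int port = argc > 1 ? atoi(argv[1]) : 80;
    struct passwd *pw = getpwnam("nobody");           /* assumed unprivileged account */
    if (!pw) { fprintf(stderr, "no such user: nobody\n"); return 1; }
    int fd = bind_listener(port);
    if (fd < 0) { perror("bind_listener"); return 1; }
    fprintf(stderr, "listening on 127.0.0.1:%d, workers run as uid %d\n",
            listener_port(fd), (int)pw->pw_uid);
    return supervise(fd, 4, pw->pw_uid, pw->pw_gid);  /* assumed: 4 workers */
}
```

Note that this is exactly why Christopher's port-8080 suggestion buys little against Ben's model: the only code that runs as root never reads from the socket, so moving to an unprivileged port removes root from a process that was not exposed to the network in the first place, while (as Kevin points out) costing clients behind port-filtering firewalls.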
