apache root loader

jm-79 at hotmail.com jm-79 at hotmail.com
Wed Dec 20 11:44:42 PST 2006

That Apache need root access to bind to port 80 is possible to go around by using
portacl and allow user www to bind to that port. I read up on the how the init process works
and it loads all conf files and then spawns childs that handle the rest. But i still wonder if that
is the best way, is it not possible to gain root access since Apache has root privs to get root
access with some exploit. I know it's not possible to go from child to mother so if it's like that
it's not possible to get root but ... i just wonder :)

> Date: Wed, 20 Dec 2006 06:18:21 +0100
> From: steinex at nognu.de
> To: jm-79 at hotmail.com
> CC: freebsd-apache at freebsd.org
> Subject: Re: apache root loader
> jm-79 at hotmail.com wrote:
> > 
> > Hi,
> > 
> > I wonder how many of you that use apache just straight from ports. I did a apache port install and discovered now by suprise that of course apache need root access to start.  My question is how many of you guys has removed it if anyone have and why does no documents discuss this topic, is it assumed that this little root access can't do much harm so no need to make it run 100% ass the www user.
> > 
> > Looking forward for some replies.
> > Jake!
> Apache will need root initially to bind to privileged port 80
> (remember, ports 1-1024 are reserved for root). However, it will drop
> privileges and runs under uid 80 (www) then - assumed that you use the
> port.
> Frank 

Prova Live.com - din snabba, personliga hemsida med allt du kan önska dig på ett enda ställe.

More information about the freebsd-apache mailing list