[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#366124: apache2: should mark its listening socket close-on-exec

* Marc Haber:

> (1) apache or something running inside the apache process (maybe a php
>     script using mail()) sends e-mail using /usr/lib/sendmail.
> (2) exim, invoked as /usr/lib/sendmail, inherits the listening socket.

If Apache behaves like this, it's a security issue, especially if it
occurs together with SuexecUserGroup.  Non-privileged processes can
intercept HTTP requests and impersonate the web server process.

Reply to: