Bug#366124: apache2: should mark its listening socket close-on-exec

To: Marc Haber <mh+debian-bugs@zugschlus.de>
Cc: 366124@bugs.debian.org
Subject: Bug#366124: apache2: should mark its listening socket close-on-exec
From: Florian Weimer <fw@deneb.enyo.de>
Date: Sun, 07 May 2006 22:11:44 +0200
Message-id: <[🔎] 87slnl7fy7.fsf@mid.deneb.enyo.de>
Reply-to: Florian Weimer <fw@deneb.enyo.de>, 366124@bugs.debian.org
In-reply-to: <[🔎] 20060505115851.3220.8818.reportbug@nechayev.zugschlus.de> (Marc Haber's message of "Fri, 05 May 2006 13:58:51 +0200")
References: <[🔎] 20060505115851.3220.8818.reportbug@nechayev.zugschlus.de>

* Marc Haber:

> (1) apache or something running inside the apache process (maybe a php
>     script using mail()) sends e-mail using /usr/lib/sendmail.
> (2) exim, invoked as /usr/lib/sendmail, inherits the listening socket.

If Apache behaves like this, it's a security issue, especially if it
occurs together with SuexecUserGroup.  Non-privileged processes can
intercept HTTP requests and impersonate the web server process.

Reply to:

References:
- Bug#366124: apache2: should mark its listening socket close-on-exec
  - From: Marc Haber <mh+debian-bugs@zugschlus.de>

Prev by Date: Bug#365925: ssl-cert: post-installation script exits with error 1
Next by Date: Re: Apache configuration and security
Previous by thread: Bug#366124: apache2: should mark its listening socket close-on-exec
Next by thread: RE: Talkpoint Webinars
Index(es):
- Date
- Thread