Bug#366124: apache2: should mark its listening socket close-on-exec
> AFAIK mod_php has no facility to change the uid, so it is no
> security issue: As long as the uid stays the same, the spawned
> process can ptrace the apache process and do anything it wants
> anyway.
FWIW, this is not true if the apache parent process runs as root. In
this case the child processes are treated specially because they used
to be priviledged and therefore cannot be ptraced by normal
(non-root) processes.
Reply to: