
Bug#366124: apache2: should mark its listening socket close-on-exec



> AFAIK mod_php has no facility to change the uid, so it is no
> security issue: As long as the uid stays the same, the spawned
> process can ptrace the apache process and do anything it wants
> anyway.

FWIW, this is not true if the apache parent process runs as root. In
this case the child processes are treated specially because they used
to be privileged and therefore cannot be ptraced by normal
(non-root) processes.
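The close-on-exec behaviour requested in the bug title, as an added example that is not part of the original message and is not Apache code: it checks whether a program exec'd by a forked child still holds a listening socket, with and without `FD_CLOEXEC`. The helper name `listener_survives_exec`, the ephemeral port and the use of `/bin/sh` as the spawned program are assumptions made for the illustration.

```c
#include <fcntl.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: open a TCP listener, optionally mark it close-on-exec,
 * then fork and exec /bin/sh the way a server spawns a helper program.
 * Returns 1 if the exec'd program still holds the listener, 0 if the kernel
 * closed it at exec, -1 on error. */
int listener_survives_exec(int set_cloexec)
{
    struct sockaddr_in addr;
    char cmd[64];
    pid_t pid;
    int status, fd = socket(AF_INET, SOCK_STREAM, 0);

    if (fd < 0)
        return -1;
    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_ANY);
    addr.sin_port = 0;                      /* constructed: any free port */
    /* fd > 9 is refused because some shells accept only one-digit fds in <&N */
    if (fd > 9 || bind(fd, (struct sockaddr *)&addr, sizeof addr) < 0 || listen(fd, 8) < 0)
        goto fail;
    if (set_cloexec && fcntl(fd, F_SETFD, FD_CLOEXEC) < 0)
        goto fail;
    /* The shell can duplicate fd N only if it inherited it across exec. */
    snprintf(cmd, sizeof cmd, ": 2>/dev/null <&%d", fd);
    pid = fork();
    if (pid < 0)
        goto fail;
    if (pid == 0) {
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127);                         /* exec itself failed */
    }
    close(fd);
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    if (!WIFEXITED(status) || WEXITSTATUS(status) == 127)
        return -1;
    return WEXITSTATUS(status) == 0;
fail:
    close(fd);
    return -1;
}

int main(void)
{
    printf("default flags: survives=%d\n", listener_survives_exec(0));
    printf("FD_CLOEXEC:    survives=%d\n", listener_survives_exec(1));
    return 0;
}
```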


