Re: Debian Policy based on the wrong technical assumptions
Christoph Lameter wrote:
>Security issues can be addressed by authentication provided by the
>webserver.
From: Thomas Koenig <ig25@mvmap66.ciw.uni-karlsruhe.de>
> Yet another large and potentially buggy piece of software running on a
> system. Yet another chance to mess up configuration files in a
> security-relevant way. I don't think these two issues can be addressed
> by authentication provided by the webserver :-)
I guess it would help a whole lot to not run the web server with root
privilege, would it not? My one runs as "nobody". I suppose we could chroot
it, too.
Thanks
Bruce
--
Bruce Perens K6BP bruce@pixar.com 510-215-3502
Finger bruce@master.debian.org for PGP public key.
PGP fingerprint = 88 6A 15 D0 65 D4 A3 A6 1F 89 6A 76 95 24 87 B3
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org . Trouble?
e-mail to templin@bucknell.edu .
Reply to: