Re: Web servers bug ?

To: Samuel Tardieu <sam@debian.org>, Daniel Podlejski <underley@underley.eu.org>
Cc: debian-devel@lists.debian.org
Subject: Re: Web servers bug ?
From: Raphael Hertzog <rhertzog@hrnet.fr>
Date: Wed, 5 May 1999 19:18:59 +0200
Message-id: <[🔎] 19990505191859.A4786@k6.resI.insa-lyon.fr>
In-reply-to: <[🔎] 19990505181552.E5905@inf.enst.fr>; from Samuel Tardieu on Wed, May 05, 1999 at 06:15:52PM +0200
References: <[🔎] 19990505175605.A857@iko.onet.pl> <[🔎] 19990505181552.E5905@inf.enst.fr>

Le Wed, May 05, 1999 at 06:15:52PM +0200, Samuel Tardieu écrivait:
> On  5/05, Daniel Podlejski wrote:
> | 1. Apache work as www-data ...
> | 2. I don't try other WWW serwers
> | 3. Try add www-data user to postgres ...
> 
> Change /etc/apache/httpd.conf to contain "nobody" instead of "www-data",
> and report a bug against the apache package.

NO ! Apache should not be run under nobody. Why ? Because there are
several programs that run under nobody (shell scripts, distributed-net,...) and
and users could kill those via CGIs. Apache uses a dedicated id and that's
good. You'd better patch postregsql so that it supports '-' in a username.

Cheers,
-- 
Raphaël Hertzog >> 0C4CABF1 >> http://prope.insa-lyon.fr/~rhertzog/

Reply to:

Follow-Ups:
- Re: Web servers bug ?
  - From: Anders Arnholm <anders@arnholm.nu>

References:
- Web servers bug ?
  - From: Daniel Podlejski <underley@underley.eu.org>
- Re: Web servers bug ?
  - From: Samuel Tardieu <sam@debian.org>

Prev by Date: Re: Freely available optimization code
Next by Date: Re: RFC: YADA: Yet Another Debianisation Aid
Previous by thread: Re: Web servers bug ?
Next by thread: Re: Web servers bug ?
Index(es):
- Date
- Thread