The problem is ASPseek (both index and searchd, via s.cgi)
deals with untrusted contents from network (index processes
some HTML pages not written by you, s.cgi processes
requests with untrusted parameters). Nobody can guarantee
that, say, index is totally free from buffer overruns, so
theoretically a malicious HTML page can cause quite hazardous
effects, like executing arbitrary code on the machine running index.
And, if you run it under root user, this code will be run
under root uid too.

That is why both index and search refuse to run as root,
and I strongly suggest that you not circumvent it. Actually
I can think of very few cases where you are to run
index/searchd under the root account.


Diego Montalvo wrote:
> 
> Matt,
> 
> I found the snippets, I understand that it is crazy,
> but, let me ask you. If I run as "root" what is the
> worst case scenario, given that nobody knows the
> password?
> 
> Diego
> 
> --- Matt Sullivan <[EMAIL PROTECTED]> wrote:
> > On Fri, 12 Jul 2002, Diego Montalvo wrote:
> >
> > > hello,
> > >
> > > I was wanting to change aspseek back to running
> > from
> > > root.  ASPSeek 1.15 allowed me to use "root" to
> > run
> > > processes, now I must use another user.  What do I
> > have
> > > to change in order to use "root" instead of another
> > > user?
> >
> > You would need to change appropriate snippets of
> > code in daemon.cpp and
> > index.cpp.  However, I would strongly advise against
> > doing this unless you have
> > a thorough understanding of the security
> > implications and you accept that
> > compromise of your systems is a risk you are
> > prepared to take.
> >
> > This is not to say that ASPseek is insecure, the
> > scope of this issue is far
> > more generalised than to be specific to ASPseek.  If
> > you posed this question to
> > any good security professional they would certainly
> > look at you like you just
> > arrived from another planet ;)
> >
> >
> > Matt.
> >
> 

-- [EMAIL PROTECTED] ICQ UIN 7551596 Phone +7 903 6722750 --
   Guinness a Day Keeps a Doctor Away (people's wisdom)
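
A sketch of the kind of startup check discussed in this thread, as an added example that is not ASPseek's code from daemon.cpp or index.cpp. It goes beyond a plain effective-uid test and also refuses a real or saved uid of 0, which code injected through a buffer overrun could switch back to. The names `Ids`, `Verdict`, `check_ids` and `read_current_ids` are hypothetical, and `getresuid()`/`getresgid()` assume Linux or BSD.

```cpp
// Added example, not ASPseek source. Linux/BSD: getresuid()/getresgid().
#include <sys/types.h>
#include <unistd.h>
#include <cstdio>
#include <vector>

struct Ids {                      // hypothetical snapshot of process credentials
    uid_t ruid, euid, suid;       // real, effective, saved user id
    gid_t rgid, egid, sgid;       // real, effective, saved group id
    std::vector<gid_t> groups;    // supplementary groups
};

enum class Verdict { Ok, RootNow, RootRegainable, RootGroup, Unknown };

// Pure policy function so it can be tested with constructed credentials.
Verdict check_ids(const Ids &p) {
    if (p.euid == 0) return Verdict::RootNow;
    // An unprivileged process may seteuid() to its real or saved uid,
    // so a 0 in either slot is root that injected code can take back.
    if (p.ruid == 0 || p.suid == 0) return Verdict::RootRegainable;
    // Stricter policy choice of this example: refuse group 0 as well.
    if (p.rgid == 0 || p.egid == 0 || p.sgid == 0) return Verdict::RootGroup;
    for (gid_t g : p.groups)
        if (g == 0) return Verdict::RootGroup;
    return Verdict::Ok;
}

// Fill `out` from the running process; false if any call fails.
bool read_current_ids(Ids &out) {
    if (getresuid(&out.ruid, &out.euid, &out.suid) != 0) return false;
    if (getresgid(&out.rgid, &out.egid, &out.sgid) != 0) return false;
    int n = getgroups(0, nullptr);            // ask for the count first
    if (n < 0) return false;
    out.groups.resize(n);
    return n == 0 || getgroups(n, out.groups.data()) >= 0;
}

int main() {
    Ids me;
    Verdict v = read_current_ids(me) ? check_ids(me) : Verdict::Unknown;
    if (v != Verdict::Ok) {                   // fail closed before any parsing
        std::fprintf(stderr, "refusing to start: root-capable credentials (%d)\n",
                     static_cast<int>(v));
        return 1;
    }
    std::puts("credentials ok, continuing startup");
    return 0;
}
```

The check runs before any network or HTML input is read, so a failure to read credentials is treated the same as finding root.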
