On Mon, Sep 06, 2004 at 01:32:19PM -0500, Matthew Boehm wrote:
> that's about the most unsecure thing I've ever seen.  there is a reason you
> don't run apache as root and therefore having a script that sudo's is just
> as bad.
> 
> try using the manager interface for better security.  * shouldn't be running
> as root either if we want to get nitty-gritty about security.

Not exactly. sudo allows you more fine-grained control than simply
running apache as root. In what I suggested (and I hope that this is
what the original sender meant) apache is only allowed to query the
asterisk process for the version. Any other command-line is rejected. I
can't see any problem with that, except a possible DoS attack. But that
DoS attack will probably be available with any other alternative method.

-- 
Tzafrir Cohen                       +---------------------------+
http://www.technion.ac.il/~tzafrir/ |vim is a mutt's best friend|
mailto:[EMAIL PROTECTED]       +---------------------------+
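
The difference between a broad sudo grant and the single-command rule described in the reply above can be checked mechanically. The following is an added example, not part of the original message or of any Asterisk or sudo tooling; the account name `apache`, the path `/usr/sbin/asterisk`, the CLI command `show version` and all sample sudoers lines are assumptions constructed for illustration.

```python
import re

# Constructed sample sudoers entries. Assumed names: account "apache",
# binary /usr/sbin/asterisk, CLI command "show version".
SAMPLE_SUDOERS = """\
# same effect as running the web server as root
apache ALL=(ALL) NOPASSWD: ALL
# wildcard: any CLI command can be passed to asterisk
apache ALL=(root) NOPASSWD: /usr/sbin/asterisk -rx *
# no arguments listed: sudo accepts any arguments
apache ALL=(root) NOPASSWD: /usr/sbin/asterisk
# arguments listed in full: only this command line is accepted
apache ALL=(root) NOPASSWD: /usr/sbin/asterisk -rx show version
"""

def classify(cmnd):
    """Rate how tightly one sudoers command entry is pinned down."""
    cmnd = cmnd.strip()
    if cmnd == "ALL":
        return "unrestricted"
    if re.search(r"[*?\[]", cmnd):
        return "wildcard"
    _path, _, args = cmnd.partition(" ")
    if not args.strip():
        return "any-arguments"
    return "exact"

def audit(sudoers_text, user="apache"):
    """Return (command, rating) for each command granted to `user`.

    Simplified: single-line user specifications only; aliases, line
    continuations and escaped commas are not handled.
    """
    findings = []
    for line in sudoers_text.splitlines():
        fields = line.strip().split(None, 1)
        if len(fields) != 2 or fields[0] != user or "=" not in fields[1]:
            continue
        spec = fields[1].split("=", 1)[1]
        spec = re.sub(r"\([^)]*\)", "", spec)    # drop Runas list, e.g. (root)
        spec = re.sub(r"\b[A-Z_]+:", "", spec)   # drop tags, e.g. NOPASSWD:
        for cmnd in spec.split(","):
            findings.append((cmnd.strip(), classify(cmnd)))
    return findings

if __name__ == "__main__":
    for cmnd, rating in audit(SAMPLE_SUDOERS):
        print(f"{rating:14} {cmnd}")
```

Only the entry rated `exact` corresponds to the setup the reply describes; the other three ratings mark grants that let the web server account run more than the version query.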