On Mon, 16 Jun 2003, Pablo Yaggi wrote: > Yes, my worker does, because I'm running apache as root > (BIG_SECURITY_HOLE) enabled, because my module drops down to less > priveleged user id. So maybe the fact I change the userid > (real) and it never come back to root is the problem.
Wait a minute... so you're calling setuid() from within a module on the child process of a threaded MPM? That's not good... threads don't have independent uid's; if any one thread changes the uid of the process, it would affect all threads in that process. --Cliff
