[Marc Slemko] | | The problem is that if you can modify the config files, then in most | setups (ie. where Apache is started by root) you can get root. As | simple as that. Running the admin server as a non-root UID just | adds another step to the process of getting root.
you are right. perhaps one should include a compile time option to hard code the uid of the server and not allow the config to override this? -Bj�rn -- Bj�rn Borud <[EMAIL PROTECTED]> | "The Net interprets censorship <URL:http://www.pvv.unit.no/~borud/> | as damage and routes around it." UNIX person, one of "them" | - John Gilmore
