"Graham Dumpleton" <[EMAIL PROTECTED]> writes:

> The first is whether it would be possible for code to be run with
> elevated privileges given that the main Apache process usually is
> started as root. I'm not sure at what point it switches to the special
> user Apache generally runs as and whether in the main process the way
> this switch is done is enough to prevent code getting back root
> privileges in some way, so would need to be looked into.

It switches very early, I think. It starts as root so it can listen on port 80.

> There is also much more possibility for code, if it runs up extra
> threads, to interfere with the operation of the Apache parent process.

Certainly launching any new threads should be postponed til after the fork.

--
http://mail.python.org/mailman/listinfo/python-list