On Wed, Jun 25, 2003 at 12:28:59PM -0500, Ed Wilts wrote:
> One of the key differences between IIS and Apache is the way the web
> server is started.
[...]
> On Linux, however, the web server almost always runs under a non-privileged
> account.  If Apache is penetrated, the worst the attacker can do is run
> non-privileged code - they may access web server files and world
> readable and writable files, but they won't be able to modify your
> system binaries nor startups.
[...]

Is Apache actually running chrooted under RHL9? If so, an attacker
could do even less, as Apache doesn't even have access to the whole
file system, as it's running in its own little subset thereof.

OpenBSD for example runs Apache chrooted.

Cheerio,

Thomas
-- 
==> RH List Archive: http://marc.theaimsgroup.com/?l=redhat-list&r=1&w=2 <==
-----------------------------------------------------------------------------
                Thomas Ribbrock    http://www.ribbrock.org 
  "You have to live on the edge of reality - to make your dreams come true!"

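One way to answer the question above on a running Linux system, as an added example that is not part of the original message: read each httpd process's effective UID and root directory from /proc. The function name `audit_proc`, its optional directory argument and the verdict labels are made up for illustration; reading another user's `/proc/<pid>/root` generally requires root.

```shell
#!/bin/sh
# Added example. audit_proc NAME [PROC_DIR]
# Prints one line per process called NAME: pid, effective UID, root directory,
# and a verdict. PROC_DIR defaults to /proc; it is a parameter only so the
# function can be run against a constructed directory tree.
audit_proc() {
    name=$1
    proc=${2:-/proc}
    for d in "$proc"/[0-9]*; do
        [ -r "$d/status" ] || continue
        pname=$(awk '/^Name:/ {print $2; exit}' "$d/status")
        [ "$pname" = "$name" ] || continue

        # The Uid: line holds the real, effective, saved and filesystem UIDs.
        uid=$(awk '/^Uid:/ {print $3; exit}' "$d/status")

        # /proc/<pid>/root is a symlink to the process's root directory;
        # anything other than "/" means the process has been chroot()ed.
        root=$(readlink "$d/root" 2>/dev/null) || root=unreadable

        if [ "$uid" = 0 ]; then priv=privileged; else priv=unprivileged; fi
        case $root in
            /)          jail=not-chrooted ;;
            unreadable) jail=unknown ;;
            *)          jail=chrooted ;;
        esac
        printf '%s uid=%s root=%s %s,%s\n' \
            "${d##*/}" "$uid" "$root" "$priv" "$jail"
    done
}

# Usage, as root: audit_proc httpd
```

The parent httpd process normally reports uid=0 because it has to bind port 80; the children that serve requests are the ones expected to show the unprivileged account.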
