[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: The best way to run a hidden service: one or two computers?



Robert Ransom:

> If your web server and all of the interpreters and programs it runs are
> competently written, there is no way for an attacker to get root
> access, or even run a shell command.  Web applications and the
> special-purpose interpreters they run on are often incompetently
> written.

I've noticed that on most Linux distributions, Apache 2 (just an example)
runs as a non-privileged user on the system. Though one Apache 2 process
does run as Root, but it spawns unprivileged process children. So if it
was to be a flaw in Apache 2, or PHP, that an attacker knew about, would he 
then be able to gain Root access if the software runs as a non-Root user?

> I select the message I want to reply to, and then I click the ÃReplyÃ
> button in my mail client's toolbar.

The same as I do. It must be my mail provider that sucks. :)

Thanks for all your help BTW!
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/