On Thu, May 13, 2004 at 11:17:09PM -0400, Dan Weber wrote: > On Fri, May 14, 2004 at 01:35:47AM -0000, Aaron Stone wrote: > > Dan Weber <[EMAIL PROTECTED]> said: > > > > > Since we don't have anything that needs root, we should not be using > > > it. MySQL, Apache, and Postfix are storing user access passwords in > > > logs. They need their logs to be owned by root. Otherwise, an > > > attacker could gain all sorts of access with their logs. Apache also > > > uses it for its reload stuff. Its best to not take chances, when you > > > don't need to take them. > > > > > > > The child processes need to attach to privileged ports. Doesn't that > > require a > > parent process that starts them off with root privs so that they can bind? > > Child processes generally inherit the access to the port from its > parent process. So if the socket is already open, the children should > have access to it.
BTW, I have been running dbmail with the drop_privledges() since you mentioned it. The preforked patched version of 2.0 here had no issue making new childs at high peak times and have handling done approprietly. -- Dan Weber
signature.asc
Description: Digital signature
