> AFAIK mod_php has no facility to change the uid, so it is no > security issue: As long as the uid stays the same, the spawned > process can ptrace the apache process and do anything it wants > anyway.
FWIW, this is not true if the apache parent process runs as root. In this case the child processes are treated specially because they used to be priviledged and therefore cannot be ptraced by normal (non-root) processes. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
