Graham Dumpleton <[email protected]> writes:
> 2009/12/16 Dan Poirier <[email protected]>:
>> Jordi Prats <[email protected]> writes:
>>
>>> If you start apache with root as usual, you realize that every module
>>> is able to run code with root privileges:
>> ...
>>> Why is coded this way? Shouldn't run with lower privileges?
>>
>> No. That's not the purpose of apache modules.
>
> There is a lot more to it than that.
Well, yeah, but the main misconception seemed to be that the purpose of
Apache modules was to limit the privileges available to modules.
("Shouldn't [sic] run with lower privileges?") In reality if you run
Apache as root and load a module, that module can do anything it wants
as root, and that's by design, not an inherent flaw in Apache.
