On Wed, 25 Apr 2007, haim [howard] roman wrote: > Regarding (b), even if you run the server as root, you can change the > owners &/or groups of the files so that non-root users can change them.
It may happen that controlling configuration files is enough to force the application to do nasty things (e.g., reading /etc/shadow, or even overwriting it). If an application is run as root, the result can be that you allow the one who controls the configuration files to do this nasty things. If your only problem is the ports, you could run the server on some other ports (say, 20080 instead of 80) and use ipf to redirect 80 to 20080. -- Regards, ASK
