> Well, anyone in the www group. That would be two users: # grep www /etc/group www:x:8: # grep 8 /etc/passwd mail:x:8:12:Mailer daemon:/var/spool/clientmqueue:/bin/false wwwrun:x:30:8:WWW daemon apache:/var/lib/wwwrun:/bin/false
> That lets all the world to do whatever. So if "all the world" is two users who cannot log in, I still don't see how this is a security exposure. > But, with various security holes in Apache, particularly around CGI Don't any holes get patched on a regular basis? If I am up to date on all of my patches, I would not expect there to be a known hole in Apache CGIs. We do tout the open source model as having superior security, largely because of peer review, no? > a rule of security: be paranoid. I feel that prudence must balance paranoia. "Mike MacIsaac" <[EMAIL PROTECTED]> (845) 433-7061 ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
