On 25.07.2013 20:00, Lennart Poettering wrote:
> On Sat, 20.07.13 04:06, Reindl Harald (h.rei...@thelounge.net) wrote:
>
>> Hi
>>
>> I try to secure the Apache-Webserver (mpm-prefork) as much as possible
>>
>> am I right that with the following settings in the systemd-unit after the child-process
>> is forked with the "apache" user and the capabilities are reduced as below even a
>> potential root exploit would have no success? "SecureBits=noroot" fails I guess
>> because it even disallows the parent-process to run as root after start
>
> IIRC combining NoNewPrivileges with CAP_SETUID doesn't really make much
> sense as the latter is one way how to gain new privs, but the former
> doesn't allow this

well, but httpd needs CAP_SETUID to *lower* the privileges after start for the child-processes and needs root at startup as well as for the master-process which opens logfiles and other filehandles not allowed to do for the user "apache"

that is why my idea of the setting is "OK, once you dropped your privileges nothing will allow to get back root permissions"
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
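
Added example, not part of the original thread and not systemd or httpd code: a Python check over the text of `/proc/<pid>/status` that reports which of the routes back to root discussed above are still open for a process. The status excerpts, uid 48 for "apache" and the function names are constructed for illustration.

```python
# Added example: audit /proc/<pid>/status text for remaining routes back to root.
CAP_SETUID = 7  # capability bit number from linux/capability.h

# Constructed samples (not captured from a real host).
# 0x4c0 = CAP_SETGID | CAP_SETUID | CAP_NET_BIND_SERVICE
MASTER = ("Name:\thttpd\nUid:\t0\t0\t0\t0\n"
          "CapPrm:\t00000000000004c0\nCapEff:\t00000000000004c0\n"
          "CapBnd:\t00000000000004c0\nNoNewPrivs:\t1\n")
WORKER = ("Name:\thttpd\nUid:\t48\t48\t48\t48\n"
          "CapPrm:\t0000000000000000\nCapEff:\t0000000000000000\n"
          "CapBnd:\t00000000000004c0\nNoNewPrivs:\t1\n")
WORKER_NO_NNP = WORKER.replace("NoNewPrivs:\t1", "NoNewPrivs:\t0")


def parse_status(text):
    """Turn 'Key:<tab>v1<tab>v2' lines into {key: [v1, v2, ...]}."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.split()
    return fields


def paths_to_root(status_text):
    """Return a list of findings; an empty list means none of the checks fired."""
    f = parse_status(status_text)
    findings = []
    # Uid line holds real, effective, saved and filesystem uid. A saved uid
    # of 0 alone is enough to switch back to root.
    if "0" in f["Uid"]:
        findings.append("holds uid 0")
    # CAP_SETUID in the permitted or effective set allows arbitrary uid changes.
    for name in ("CapPrm", "CapEff"):
        if (int(f[name][0], 16) >> CAP_SETUID) & 1:
            findings.append(f"CAP_SETUID in {name}")
    # Without no_new_privs, execve() of a setuid or file-capability binary
    # can still raise privileges. Kernels before 4.10 do not report the
    # field, so a missing line is flagged as well.
    if f.get("NoNewPrivs", ["0"])[0] != "1":
        findings.append("no_new_privs not set or not reported")
    return findings


if __name__ == "__main__":
    for label, sample in (("master", MASTER), ("worker", WORKER),
                          ("worker without NoNewPrivileges", WORKER_NO_NNP)):
        print(label, "->", paths_to_root(sample) or "no finding")
```

On a live host the same function can be fed the contents of `/proc/<pid>/status` for each httpd process.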