ala888 Posted August 18, 2014 Share Posted August 18, 2014 lets say apache runs as "www" on my system a malicious attacker somehow hijacks and gains control of apache, cant he then just modify apache.conf so that on reboot, apache runs as sudo ? - which will then execute any malicious scripts the attacker planted beforehand ?are there any restrictions on what type of user apache can be run as simply by modifying its conf file ? Link to comment Share on other sites More sharing options...
Ingolme Posted August 18, 2014 Share Posted August 18, 2014 I don't work a lot with servers, but I'd assume the user associated to apache doesn't have the right permission level to modify the configuration file Link to comment Share on other sites More sharing options...
ala888 Posted August 18, 2014 Author Share Posted August 18, 2014 I don't work a lot with servers, but I'd assume the user associated to apache doesn't have the right permission level to modify the configuration file Ah yes, such a simple variable that I overlooked! Thanks a lot for the insight Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now