Jump to content

the user that apache runs as


Recommended Posts

lets say apache runs as "www" on my system

a malicious attacker somehow hijacks and gains control of apache, cant he then just modify apache.conf so that on reboot, apache runs as sudo ? - which will then execute any malicious scripts the attacker planted beforehand ?are there any restrictions on what type of user apache can be run as simply by modifying its conf file ?

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Create New...