Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Request header processing is one of the most dangerous tasks for a web server. Doing this as root would open the server up to many potential security problems. Instead, Apache httpd is designed to do all request processing as a less-privileged user.
    2. Once the server switches to a less-privileged userid, there is no way to go back to root in order to process further requests. (If there was a way to get back to root, an attacker could obviously use this to subvert any restrictions on the less-privileged userid.) That means a new process would need to be created for each connection, substantially increasing resource usage.

Privilege separation with CGI scripts

...

Several different multi-processing modules (MPMs) have been written to address this problem. These include perchild (now defunct), Metux mpm, Peruser MPM, and MPM-ITK. The first three keep a pool of threads or processes available under each userid and dispatch each request to the appropriate thread pool. Essentially, they are a more efficient version of the reverse proxy solution discussed above. None of these modules are apparently production-ready.

...