Linux security non-modules and AppArmor

Linux security non-modules and AppArmor

Posted Jun 29, 2007 20:54 UTC (Fri) by nix (subscriber, #2304)
In reply to: Linux security non-modules and AppArmor by farnz
Parent article: Linux security non-modules and AppArmor

OK, I'm missing something here. Mozilla, Apache, and mutt, your own
examples, run as root for part of their lifecycle?!

(The very *idea* of a suid root Mozilla gives me collywobbles.)



Linux security non-modules and AppArmor

Posted Jul 1, 2007 9:32 UTC (Sun) by njs (guest, #40338)

Well, Apache on port 80 does...

Linux security non-modules and AppArmor

Posted Jul 2, 2007 8:07 UTC (Mon) by farnz (guest, #17727)

My Apache runs on port 80, which can only be bound by root. My SMTP server runs on port 25, which can only be bound by root (not in the list of examples, but I did rather assume that you'd apply some intelligence). My SSH daemon runs as root briefly (setting up port 22, and changing user to the user who's logging in).

Indeed, all the long-running services on my boxes must run as root for part of their lifetime, just to bind their well-known ports for listening. Mozilla and mutt obviously don't run as root at all, but they're not necessarily that interesting to confine (e.g. on a server).

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds