Reply to post:

A patchy Apache a-patchin: HTTP server gets fix for worrying root access hole

Tom Chiverton 1

The master process has to in order to bind to port 80, traditionally (i.e. if you don't run it on a high port and have the front end firewall forward port 80 to it). I believe they are saying the unprivileged child process can gain execution in the parent context, and to do that you just need a vulnerability in whatever the child does e.g. an over flow in mod_php or whatever.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon