Y
Hacker News
new
|
ask
|
show
|
jobs
by
blibble
978 days ago
why is it running as root anyway?
should probably setuid to the correct user and do the thing there instead
1 comments
Avamander
977 days ago
Well in some cases avoiding root might help. But you can have flaws like this root or not, for example Apache httpd still has a known TOCTOU vulnerability with symlinks with a broken check (SymlinksIfOwnerMatch does not actually work).
link