On Fri, Jan 6, 2012 at 1:52 PM, email builder emailbuilder88@yahoo.com wrote:
Apache starts as root so it can open port 80. Certain bugs might happen before it switched to a non-privileged user. But, a more likely scenario would be to get the ability to run some arbitrary command through an apache, app, or library vulnerability, and that command would use a different kernel, library, or suid program vulnerability to get root access. Look back through the update release notes and you'll find an assortment of suitable bugs that have been there...
That makes sense - but that scenario seems like the vulnerability is more in some third party application or tool that happens to be executable by apache. Seems like the best defense against that is not running things like WordPress ;-p :-)
There have been bugs in just about everything - apache itself, php or other modules, or the applications that use them. And in java/struts, etc. if you prefer java web services. You just can't get away from the theme of trading security against convenience - whatever you run that has useful features is probably also going to have vulnerabilities.