diff options
Diffstat (limited to 'docs/manual/misc/security_tips.html.en')
| -rw-r--r-- | docs/manual/misc/security_tips.html.en | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/docs/manual/misc/security_tips.html.en b/docs/manual/misc/security_tips.html.en index 909fa511c4..ac7b4de8ba 100644 --- a/docs/manual/misc/security_tips.html.en +++ b/docs/manual/misc/security_tips.html.en @@ -82,8 +82,8 @@ </code></p></div> <p>It is assumed that /, /usr, and /usr/local are only modifiable by - root. When you install the httpd executable, you should ensure that - it is similarly protected:</p> + root. When you install the <code class="program"><a href="../programs/httpd.html">httpd</a></code> executable, you + should ensure that it is similarly protected:</p> <div class="example"><p><code> cp httpd /usr/local/apache/bin <br /> @@ -98,9 +98,9 @@ <p>If you allow non-root users to modify any files that root either executes or writes on then you open your system to root compromises. - For example, someone could replace the httpd binary so that the next - time you start it, it will execute some arbitrary code. If the logs - directory is writeable (by a non-root user), someone could replace + For example, someone could replace the <code class="program"><a href="../programs/httpd.html">httpd</a></code> binary so + that the next time you start it, it will execute some arbitrary code. If + the logs directory is writeable (by a non-root user), someone could replace a log file with a symlink to some other system file, and then root might overwrite that file with arbitrary data. If the log files themselves are writeable (by a non-root user), then someone may be |