File:  [ELWIX - Embedded LightWeight unIX -] / embedaddon / lighttpd / doc / outdated / security.txt
Revision 1.1.1.1 (vendor branch)
Mon Oct 14 10:32:48 2013 UTC (11 years, 5 months ago) by misho
Branches: lighttpd, MAIN
CVS tags: v1_4_41p8, v1_4_35p0, v1_4_35, v1_4_33, HEAD
1.4.33

=================
Security Features
=================

------------
Module: core
------------

:Author: Jan Kneschke
:Date: $Date: 2013/10/14 10:32:48 $
:Revision: $Revision: 1.1.1.1 $

:abstract:
  lighttpd was developed with security in mind ...

.. meta::
  :keywords: lighttpd, security

.. contents:: Table of Contents

Description
===========

Limiting POST requests
----------------------

::

   server.max-request-size = <kbyte>

System Security
---------------

Running daemons as root with full privileges is a bad idea in general.
lighttpd runs best without any extra privileges and runs perfectly in chroot.

Change Root
```````````

::

  server.chroot = "..."

Drop root privileges
````````````````````

::

  server.username = "..."
  server.groupname = "..."

FastCGI
```````

fastcgi + chroot

Permissions
```````````

::

  $ useradd wwwrun ...
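
A way to check a configuration for the directives listed above. This is an added example, not part of the lighttpd documentation. The function names, the sample path ``/srv/www`` and the choice to treat ``root`` and ``wheel`` as privileged are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a lighttpd.conf for the directives named on this page.

# conf_value FILE KEY: print the last plain "KEY = value" assignment in FILE.
# Naive parser: strips everything after '#', ignores '+=' and include files.
conf_value() {
    awk -v key="$2" '
        { sub(/#.*/, ""); eq = index($0, "="); if (!eq) next
          name = substr($0, 1, eq - 1); gsub(/[ \t]/, "", name)
          if (name != key) next
          val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$|"/, "", val); found = 1 }
        END { if (found) print val }' "$1"
}

note() { echo "$1"; findings=$((findings + 1)); }

# audit_lighttpd_conf FILE: print one line per finding, return the finding count.
audit_lighttpd_conf() {
    findings=0
    root=$(conf_value "$1" server.chroot)
    user=$(conf_value "$1" server.username)
    group=$(conf_value "$1" server.groupname)
    limit=$(conf_value "$1" server.max-request-size)
    [ -n "$root" ] || note "server.chroot is not set"
    case $user in
        '')   note "server.username is not set" ;;
        root) note "server.username is root" ;;
    esac
    case $group in
        '')         note "server.groupname is not set" ;;
        root|wheel) note "server.groupname is privileged: $group" ;;
    esac
    case $limit in
        ''|*[!0-9]*) note "server.max-request-size is not a kbyte count" ;;
    esac
    return "$findings"
}

# Constructed sample: chroot and request limit set, but no privilege drop.
sample_conf() {
    cat <<'EOF'
server.chroot = "/srv/www"          # constructed path
# server.username = "wwwrun"
server.groupname = "root"
server.max-request-size = 2048
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp"
audit_lighttpd_conf "$tmp" || echo "findings: $?"
rm -f "$tmp"
```
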
