|
|
@ -47,24 +47,24 @@ This should prevent right drop while changing the effective user id. |
|
|
If apache2 does not start it most likely is related to some access rights. |
|
|
If apache2 does not start it most likely is related to some access rights. |
|
|
Just have a look in the error log as mentioned in this. |
|
|
Just have a look in the error log as mentioned in this. |
|
|
|
|
|
|
|
|
**ATTENTION: This module adds data to the kernel random number pool. To do |
|
|
|
|
|
this the apache process needs CAP_SYS_ADMIN. Without any role based access |
|
|
|
|
|
control this is true only for the root user. |
|
|
|
|
|
|
|
|
|
|
|
An alternative is to assign CAP_SYS_ADMIN to the apache process. This still |
|
|
|
|
|
seems not to be the ideal solution as this would give the apache process |
|
|
|
|
|
access to several system internals like de-/activation of swap devices |
|
|
|
|
|
mount/unmount, etc. Anyway, this is the best i could figure out. |
|
|
|
|
|
|
|
|
|
|
|
It would be a good to have a special capabilty just for random pool |
|
|
|
|
|
administration but actually i have no clue if and how this might be possible. |
|
|
|
|
|
Anyway this still might lead to problems with the security of your encryption |
|
|
|
|
|
as an attacker might be able to add own random values to the random pool which |
|
|
|
|
|
in turn might compromize your encryption. |
|
|
|
|
|
|
|
|
|
|
|
Actually i have no good solution for this...maybe it is not a good idea at all |
|
|
|
|
|
to generate random numbers this way, i would be lucky to get feedback on this |
|
|
|
|
|
issue.** |
|
|
|
|
|
|
|
|
> ATTENTION: This module adds data to the kernel random number pool. To do |
|
|
|
|
|
> this the apache process needs CAP_SYS_ADMIN. Without any role based access |
|
|
|
|
|
> control this is true only for the root user. |
|
|
|
|
|
> |
|
|
|
|
|
> An alternative is to assign CAP_SYS_ADMIN to the apache process. This still |
|
|
|
|
|
> seems not to be the ideal solution as this would give the apache process |
|
|
|
|
|
> access to several system internals like de-/activation of swap devices |
|
|
|
|
|
> mount/unmount, etc. Anyway, this is the best i could figure out. |
|
|
|
|
|
> |
|
|
|
|
|
> It would be a good to have a special capabilty just for random pool |
|
|
|
|
|
> administration but actually i have no clue if and how this might be possible. |
|
|
|
|
|
> Anyway this still might lead to problems with the security of your encryption |
|
|
|
|
|
> as an attacker might be able to add own random values to the random pool which |
|
|
|
|
|
> in turn might compromize your encryption. |
|
|
|
|
|
> |
|
|
|
|
|
> Actually i have no good solution for this...maybe it is not a good idea at all |
|
|
|
|
|
> to generate random numbers this way, i would be lucky to get feedback on this |
|
|
|
|
|
> issue. |
|
|
|
|
|
|
|
|
## Dependencies |
|
|
## Dependencies |
|
|
|
|
|
|
|
|
|
