From: Joe Orton Date: Tue, 19 May 2026 16:15:40 +0000 (+0000) Subject: * SECURITY.md: Tweak wording on what the less-privileged user X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a7751d200a91a66b7bde720af2e3c057205c439f;p=thirdparty%2Fapache%2Fhttpd.git * SECURITY.md: Tweak wording on what the less-privileged user can/can't do, add ACME servers to the example list of trusted services. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1934404 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/SECURITY.md b/SECURITY.md index 645c5ee780..90b59c83db 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -86,9 +86,12 @@ run as a less-privileged user and group which is configurable via the The less-privileged user: -* cannot obtain root privileges, -* cannot read or truncate log files, -* retains access to e.g. any private TLS key data loaded in memory. +* MUST be restricted from gaining root privileges, and +* SHOULD NOT have read or truncate access to log files + +but otherwise has full control over network communication with +clients, and, for example, retains access to SSL private key data in a +typical configuration. Use of platform-specific sandboxing or security features (such as use of containers, chroot, SELinux) are out of scope for this security @@ -122,6 +125,7 @@ include, but are not limited to: * Database or LDAP servers used for authentication via `mod_ldap` or `mod_dbd` * Redis/Valkey, or Memcache servers used for the `mod_ssl` session cache * OCSP servers used for client certificate verification, or server certificate "stapling" +* ACME servers used for issuing certificate in `mod_md`. Backend servers are those accessed in a reverse proxy (or gateway) configuration, typically via HTTP or AJP (see
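Review bot: in the first hunk (@@ -86,9 +86,12 @@), the move from "cannot obtain root privileges" to "MUST be restricted from gaining root privileges" turns a stated property of the less-privileged user into a requirement, but the new text does not say who has to meet it (the administrator's configuration, or httpd itself). Likewise "SHOULD NOT have read or truncate access to log files" leaves it unclear whether a deployment where that user can read or truncate logs still falls inside the security model. Suggest naming the responsible party in the lead-in to the list and stating what follows when the SHOULD NOT is not honoured. Two smaller points in the same hunk: the sentence now runs from the last bullet into the following paragraph ("... log files" then "but otherwise has full control ..."), which reads awkwardly once rendered as Markdown, so ending the list and starting a new sentence would be cleaner; and the removed line said "private TLS key data" while the added text says "SSL private key data", so consider keeping "TLS" unless the change is deliberate.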
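Review bot: in the second hunk (@@ -122,6 +125,7 @@), the added bullet "* ACME servers used for issuing certificate in `mod_md`." has a singular "certificate" where the plural is meant, and it ends with a period while the three bullets visible above it do not. Suggest "* ACME servers used for issuing certificates via `mod_md`", which also matches the "via `mod_ldap` or `mod_dbd`" phrasing used earlier in the same list.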