SSL exploit

After having created an SSL enabled website. It is possible for the admin of that website to change his own cert and key, which is located in the home directory. By modifying SLIGHTLY either of those files, or pointing to a bogus file and then do a save in SSL options, it is possible to shutdown Apache, for the whole server, simply by the root user doing an apachectl stop and then start. Having an option to prevent the user from changing his cert maybe a help.

Status: 
Closed (fixed)