httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Behlendorf <br...@hyperreal.com>
Subject cvs commit: apache/htdocs/manual/mod core.html mod_log_agent.html mod_log_common.html mod_log_config.html mod_log_referer.html mod_rewrite.html
Date Fri, 10 Jan 1997 08:24:06 GMT
brian       97/01/10 00:24:06

  Modified:    htdocs/manual  invoking.html multilogs.html
                        new_features_1_2.html  virtual-host.html
               htdocs/manual/misc  security_tips.html
               htdocs/manual/mod  core.html mod_log_agent.html
                        mod_log_common.html  mod_log_config.html
                        mod_log_referer.html mod_rewrite.html
  Log:
  Reviewed by:	Chuck Murcko, Brian Behlendorf
  Submitted by:	Marc Slemko
  
  Added documentation about security concerns with logging in Apache 1.2.
  
  Revision  Changes    Path
  1.7       +7 -0      apache/htdocs/manual/invoking.html
  
  Index: invoking.html
  ===================================================================
  RCS file: /export/home/cvs/apache/htdocs/manual/invoking.html,v
  retrieving revision 1.6
  retrieving revision 1.7
  diff -C3 -r1.6 -r1.7
  *** invoking.html	1996/12/12 01:09:39	1.6
  --- invoking.html	1997/01/10 08:23:44	1.7
  ***************
  *** 80,85 ****
  --- 80,92 ----
    and is <code>conf/mime.types</code> by default.
    
    <h2>Log files</h2>
  + <h3>security warning</h3>
  + Anyone who can write to the directory where Apache is writing a
  + log file can almost certainly gain access to the uid that the server is
  + started as, which is normally root.  Do <EM>NOT</EM> give people write
  + access to the directory the logs are stored in without being aware of
  + the consequences; see the <A HREF="misc/security_tips.html">security tips</A>
  + document for details.
    <h3>pid file</h3>
    On daemon startup, it saves the process id of the parent httpd process to
    the file <code>logs/httpd.pid</code>. This filename can be changed with the
  
  
  
  1.3       +4 -1      apache/htdocs/manual/multilogs.html
  
  Index: multilogs.html
  ===================================================================
  RCS file: /export/home/cvs/apache/htdocs/manual/multilogs.html,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -C3 -r1.2 -r1.3
  *** multilogs.html	1996/12/02 18:13:42	1.2
  --- multilogs.html	1997/01/10 08:23:45	1.3
  ***************
  *** 49,55 ****
    The first argument is the filename to log to. This is used
    exactly like the argument to <code>TransferLog</code>, that is,
    it is either a file as a full path or relative to the current
  ! server root, or |programname. <p>
    
    The format argument specifies a format for each line of the log file.
    The options available for the format are exactly the same as for
  --- 49,58 ----
    The first argument is the filename to log to. This is used
    exactly like the argument to <code>TransferLog</code>, that is,
    it is either a file as a full path or relative to the current
  ! server root, or |programname.  Be aware that anyone who can write to
  ! the directory where a log file is written can gain access to the uid
  ! that starts the server.  See the <A HREF="misc/security_tips.html">
  ! security tips</A> document for details.<p>
    
    The format argument specifies a format for each line of the log file.
    The options available for the format are exactly the same as for
  
  
  
  1.22      +6 -1      apache/htdocs/manual/new_features_1_2.html
  
  Index: new_features_1_2.html
  ===================================================================
  RCS file: /export/home/cvs/apache/htdocs/manual/new_features_1_2.html,v
  retrieving revision 1.21
  retrieving revision 1.22
  diff -C3 -r1.21 -r1.22
  *** new_features_1_2.html	1997/01/05 09:01:42	1.21
  --- new_features_1_2.html	1997/01/10 08:23:45	1.22
  ***************
  *** 97,103 ****
    versions of Apache is now standard, and has been enhanced to allow
    logging of much more detail about the transaction, and can be used to
    open <a href="multilogs.html">more than one log file</a> at once 
  ! (each of which can have a different log format).
    
    <li><b><a href="mod/mod_usertrack.html">User Tracking (Cookies)
    Revisions</a></b><br>
  --- 97,108 ----
    versions of Apache is now standard, and has been enhanced to allow
    logging of much more detail about the transaction, and can be used to
    open <a href="multilogs.html">more than one log file</a> at once 
  ! (each of which can have a different log format).  If you have Apache
  ! write any logs to a directory which is writable by anyone other than
  ! the user that starts the server, see the <A HREF="misc/security_tips.html">
  ! security tips</A> document to be sure you aren't putting the security
  ! of your server at risk.
  ! 
    
    <li><b><a href="mod/mod_usertrack.html">User Tracking (Cookies)
    Revisions</a></b><br>
  
  
  
  1.9       +8 -0      apache/htdocs/manual/virtual-host.html
  
  Index: virtual-host.html
  ===================================================================
  RCS file: /export/home/cvs/apache/htdocs/manual/virtual-host.html,v
  retrieving revision 1.8
  retrieving revision 1.9
  diff -C3 -r1.8 -r1.9
  *** virtual-host.html	1996/12/12 01:09:41	1.8
  --- virtual-host.html	1997/01/10 08:23:46	1.9
  ***************
  *** 130,135 ****
  --- 130,143 ----
    
    <P>
    
  + <EM>SECURITY:</EM> When specifying where to write log files, be aware
  + of some security risks which are present if anyone other than the
  + user that starts Apache has write access to the directory where they
  + are written.  See the <A HREF="misc/security_tips.html">security
  + tips</A> document for details.
  + 
  + <P>
  + 
    <H2>File Handle/Resource Limits:</H2>
    When using a large number of Virtual Hosts, Apache may run out of available
    file descriptors if each Virtual Host specifies different log files.
  
  
  
  1.4       +25 -6     apache/htdocs/manual/misc/security_tips.html
  
  Index: security_tips.html
  ===================================================================
  RCS file: /export/home/cvs/apache/htdocs/manual/misc/security_tips.html,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -C3 -r1.3 -r1.4
  *** security_tips.html	1996/11/26 05:36:42	1.3
  --- security_tips.html	1997/01/10 08:23:54	1.4
  ***************
  *** 15,20 ****
  --- 15,32 ----
    
    <HR>
    
  + <H2>Permissions on Log File Directories</H2>
  + <P>When Apache starts, it opens the log files as the user who started the
  + server before switching to the user defined in the 
  + <a href="../mod/core.html#user"><b>User</b></a> directive.  Anyone
who
  + has write permission for the directory where any log files are
  + being written to can append pseudo-arbitrary data to any file on the
  + system which is writable to the user who starts Apache.  Since the
  + server is normally started by root, you should <EM>NOT</EM> give anyone
  + write permission to the directory where logs are stored unless you
  + want them to have root access. 
  + <P>
  + <HR>
    <H2>Server Side Includes</H2>
    <P>Server side includes (SSI) can be configured so that users can execute
    arbitrary programs on the server. That thought alone should send a shiver
  ***************
  *** 54,68 ****
    deliberate or accidental.<p>
    
    All the CGI scripts will run as the same user, so they have potential to
  ! conflict (accidentally or deliberately) with other scripts e.g. User A hates
  ! User B, so he writes a script to trash User B's CGI database.<P>
    
    <HR>
    
  - Please send any other useful security tips to
  - <A HREF="mailto:apache-bugs@mail.apache.org">apache-bugs@mail.apache.org</A>
  - <p>
  - <HR>
    
    <H2>Stopping users overriding system wide settings...</H2>
    <P>To run a really tight ship, you'll want to stop users from setting
  --- 66,81 ----
    deliberate or accidental.<p>
    
    All the CGI scripts will run as the same user, so they have potential to
  ! conflict (accidentally or deliberately) with other scripts e.g.
  ! User A hates User B, so he writes a script to trash User B's CGI
  ! database.  One program which can be used to allow scripts to run
  ! as different users is <A HREF="../suexec.html">suEXEC</A> which is
  ! included with Apache as of 1.2 and is called from special hooks in
  ! the Apache server code.  Another popular way of doing this is with
  ! <A HREF="http://wwwcgi.umr.edu/~cgiwrap/">CGIWrap</A>.  <P>
    
    <HR>
    
    
    <H2>Stopping users overriding system wide settings...</H2>
    <P>To run a really tight ship, you'll want to stop users from setting
  ***************
  *** 84,89 ****
  --- 97,108 ----
    
    This stops all overrides, Includes and accesses in all directories apart
    from those named.<p>
  + 
  + <HR>
  + <P>Please send any other useful security tips to
  + <A HREF="mailto:apache-bugs@mail.apache.org">apache-bugs@mail.apache.org</A>
  + <p>
  + <HR>
    
    <!--#include virtual="footer.html" -->
    </BODY>
  
  
  
  1.28      +13 -1     apache/htdocs/manual/mod/core.html
  
  Index: core.html
  ===================================================================
  RCS file: /export/home/cvs/apache/htdocs/manual/mod/core.html,v
  retrieving revision 1.27
  retrieving revision 1.28
  diff -C3 -r1.27 -r1.28
  *** core.html	1997/01/01 07:10:24	1.27
  --- core.html	1997/01/10 08:24:00	1.28
  ***************
  *** 391,397 ****
    then it is assumed to be relative to the <A HREF="#serverroot">ServerRoot</A>.
    Example:
    <blockquote><code>ErrorLog /dev/null</code></blockquote>
  ! This effectively turns off error logging.<p><hr>
    
    <A name="files"><h2>&lt;Files&gt;</h2></A>
    <strong>Syntax:</strong> &lt;Files <em>filename</em>&gt;
  --- 391,404 ----
    then it is assumed to be relative to the <A HREF="#serverroot">ServerRoot</A>.
    Example:
    <blockquote><code>ErrorLog /dev/null</code></blockquote>
  ! This effectively turns off error logging.<p>
  ! 
  ! SECURITY: See the <A HREF="../misc/security_tips.html">security tips</A> 
  ! document for details on why your security could be compromised if
  ! the directory where logfiles are stored is writable by anyone other
  ! than the user that starts the server.
  ! 
  ! <p><hr>
    
    <A name="files"><h2>&lt;Files&gt;</h2></A>
    <strong>Syntax:</strong> &lt;Files <em>filename</em>&gt;
  ***************
  *** 1213,1218 ****
  --- 1220,1230 ----
    then this can be accomplished with the <code>ifconfig alias</code>
    command (if your OS supports it), or with kernel patches like <A
    HREF="../misc/vif-info.html">VIF</A> (for SunOS(TM) 4.1.x)).<p>
  + 
  + SECURITY: See the <A HREF="../misc/security_tips.html">security tips</A> 
  + document for details on why your security could be compromised if
  + the directory where logfiles are stored is writable by anyone other
  + than the user that starts the server.
    
    <p><strong>See also:</strong>
    <A HREF="../virtual-host.html">Information on Virtual Hosts.
  
  
  
  1.3       +6 -0      apache/htdocs/manual/mod/mod_log_agent.html
  
  Index: mod_log_agent.html
  ===================================================================
  RCS file: /export/home/cvs/apache/htdocs/manual/mod/mod_log_agent.html,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -C3 -r1.2 -r1.3
  *** mod_log_agent.html	1996/11/21 10:30:49	1.2
  --- mod_log_agent.html	1997/01/10 08:24:01	1.3
  ***************
  *** 40,45 ****
  --- 40,51 ----
    run under the user who started httpd. This will be root if the server
    was started by root; be sure that the program is secure.<p>
    
  + <strong>Security:</strong> See the <A
  + HREF="../misc/security_tips.html">security tips</A> document for
  + details on why your security could be compromised if the directory
  + where logfiles are stored is writable by anyone other than the user
  + that starts the server.<P>
  + 
    This directive is provided for compatibility with NCSA 1.4.<p>
    
    <!--#include virtual="footer.html" -->
  
  
  
  1.4       +6 -0      apache/htdocs/manual/mod/mod_log_common.html
  
  Index: mod_log_common.html
  ===================================================================
  RCS file: /export/home/cvs/apache/htdocs/manual/mod/mod_log_common.html,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -C3 -r1.3 -r1.4
  *** mod_log_common.html	1996/11/26 06:03:26	1.3
  --- mod_log_common.html	1997/01/10 08:24:01	1.4
  ***************
  *** 82,87 ****
  --- 82,93 ----
    run under the user who started httpd. This will be root if the server
    was started by root; be sure that the program is secure.<p>
    
  + <strong>Security:</strong> See the <A
  + HREF="../misc/security_tips.html">security tips</A> document for
  + details on why your security could be compromised if the directory
  + where logfiles are stored is writable by anyone other than the user
  + that starts the server.<P>
  + 
    <!--#include virtual="footer.html" -->
    </BODY>
    </HTML>
  
  
  
  1.9       +7 -0      apache/htdocs/manual/mod/mod_log_config.html
  
  Index: mod_log_config.html
  ===================================================================
  RCS file: /export/home/cvs/apache/htdocs/manual/mod/mod_log_config.html,v
  retrieving revision 1.8
  retrieving revision 1.9
  diff -C3 -r1.8 -r1.9
  *** mod_log_config.html	1996/12/22 04:05:16	1.8
  --- mod_log_config.html	1997/01/10 08:24:02	1.9
  ***************
  *** 162,167 ****
  --- 162,174 ----
    See the examples below.
    <p>
    
  + <h2>Security Considerations</h2>
  + 
  + See the <A HREF="../misc/security_tips.html">security tips</A> document
  + for details on why your security could be compromised if the directory
  + where logfiles are stored is writable by anyone other than the user
  + that starts the server.
  + <p>
    <h2>Directives</h2>
    
    <ul>
  
  
  
  1.3       +6 -0      apache/htdocs/manual/mod/mod_log_referer.html
  
  Index: mod_log_referer.html
  ===================================================================
  RCS file: /export/home/cvs/apache/htdocs/manual/mod/mod_log_referer.html,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -C3 -r1.2 -r1.3
  *** mod_log_referer.html	1996/11/21 10:30:50	1.2
  --- mod_log_referer.html	1997/01/10 08:24:02	1.3
  ***************
  *** 67,72 ****
  --- 67,78 ----
    run under the user who started httpd. This will be root if the server
    was started by root; be sure that the program is secure.<p>
    
  + <strong>Security:</strong> See the <A
  + HREF="../misc/security_tips.html">security tips</A> document for
  + details on why your security could be compromised if the directory
  + where logfiles are stored is writable by anyone other than the user
  + that starts the server.<P>
  + 
    This directive is provided for compatibility with NCSA 1.4.<p>
    
    <!--#include virtual="footer.html" -->
  
  
  
  1.4       +6 -0      apache/htdocs/manual/mod/mod_rewrite.html
  
  Index: mod_rewrite.html
  ===================================================================
  RCS file: /export/home/cvs/apache/htdocs/manual/mod/mod_rewrite.html,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -C3 -r1.3 -r1.4
  *** mod_rewrite.html	1997/01/01 18:32:20	1.3
  --- mod_rewrite.html	1997/01/10 08:24:03	1.4
  ***************
  *** 151,156 ****
  --- 151,162 ----
    <tt>RewriteLog</tt> directive or use <tt>RewriteLogLevel 0</tt>!
    </td></tr>
    </table>
  + <P>
  + 
  + SECURITY: See the <A HREF="../misc/security_tips.html">security
  + tips</A> document for details on why your security could be
  + compromised if the directory where logfiles are stored is writable
  + by anyone other than the user that starts the server. <P>
    
    <p>
    <b>Example:</b>
  
  
  

Mime
View raw message