httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dgau...@hyperreal.org
Subject cvs commit: apachen/htdocs/manual/mod core.html mod_log_config.html
Date Sun, 14 Dec 1997 00:57:47 GMT
dgaudet     97/12/13 16:57:47

  Modified:    htdocs/manual/misc security_tips.html
               htdocs/manual/mod core.html mod_log_config.html
  Log:
  More tweaks related to serverroot/logs/etc.
  
  Revision  Changes    Path
  1.12      +6 -2      apachen/htdocs/manual/misc/security_tips.html
  
  Index: security_tips.html
  ===================================================================
  RCS file: /export/home/cvs/apachen/htdocs/manual/misc/security_tips.html,v
  retrieving revision 1.11
  retrieving revision 1.12
  diff -u -r1.11 -r1.12
  --- security_tips.html	1997/12/14 00:49:19	1.11
  +++ security_tips.html	1997/12/14 00:57:44	1.12
  @@ -62,8 +62,12 @@
   <p>If you allow non-root users to modify any files that root either
   executes or writes on then you open your system to root compromises.
   For example, someone could replace the httpd binary so that the next
  -time you start it, it will execute some arbitrary code.  Or someone
  -could overwrite the logs with arbitrary data.
  +time you start it, it will execute some arbitrary code.  If the logs
  +directory is writeable (by a non-root user), someone
  +could replace a log file with a symlink to some other system file,
  +and then root might overwrite that file with arbitrary data.  If the
  +log files themselves are writeable (by a non-root user), then someone
  +may be able to overwrite the log itself with bogus data.
   <P>
   <HR>
   <H2>Server Side Includes</H2>
  
  
  
  1.86      +15 -7     apachen/htdocs/manual/mod/core.html
  
  Index: core.html
  ===================================================================
  RCS file: /export/home/cvs/apachen/htdocs/manual/mod/core.html,v
  retrieving revision 1.85
  retrieving revision 1.86
  diff -u -r1.85 -r1.86
  --- core.html	1997/11/15 00:16:48	1.85
  +++ core.html	1997/12/14 00:57:45	1.86
  @@ -570,7 +570,7 @@
   <blockquote><code>ErrorLog /dev/null</code></blockquote>
   This effectively turns off error logging.<p>
   
  -SECURITY: See the <A HREF="../misc/security_tips.html">security tips</A>
  +SECURITY: See the <A HREF="../misc/security_tips.html#serverroot">security tips</A>
   document for details on why your security could be compromised if
   the directory where logfiles are stored is writable by anyone other
   than the user that starts the server.
  @@ -1025,9 +1025,12 @@
   Apache is compiled with either USE_FCNTL_SERIALIZED_ACCEPT or
   USE_FLOCK_SERIALIZED_ACCEPT.  This directive should normally be
   left at its default value.  The main reason for changing it is if
  -the <code>logs</code> directory is NFS mounted, since the lockfile
  -should be stored on a local disk if possible.  The PID of the main
  -server process is automatically appended to the filename.
  +the <code>logs</code> directory is NFS mounted, since <b>the lockfile
  +must be stored on a local disk</b>.  The PID of the main
  +server process is automatically appended to the filename. <p>
  +
  +The LockFile is subject to the same warnings about log file placement and
  +<a href="../misc/security_tips.html#serverroot">security</a>.
   
   <P><HR>
   
  @@ -1245,7 +1248,7 @@
   signal to the process id listed in the PidFile.<p>
   
   The PidFile is subject to the same warnings about log file placement and
  -<a href="../misc/security_tips.html">security</a>.
  +<a href="../misc/security_tips.html#serverroot">security</a>.
   
   <p><hr>
   
  @@ -1569,8 +1572,13 @@
   The ServerRoot directive sets the directory in which the server lives.
   Typically it will contain the subdirectories <code>conf/</code> and
   <code>logs/</code>. Relative paths for other configuration files are taken
  -as relative to this directory.<br>
  -See also <a href="../invoking.html">the <code>-d</code> option to httpd</a>.<p><hr>
  +as relative to this directory.<p>
  +
  +See also <a href="../invoking.html">the <code>-d</code> option to httpd</a>.<p>
  +See also <a href="../misc/security_tips.html#serverroot">the security tips</a>
  +for information on how to properly set permissions on the ServerRoot.<p>
  +
  +<hr>
   
   <h2><A name="servertype">ServerType directive</A></h2>
   <!--%plaintext &lt;?INDEX {\tt ServerType} directive&gt; -->
  
  
  
  1.20      +4 -4      apachen/htdocs/manual/mod/mod_log_config.html
  
  Index: mod_log_config.html
  ===================================================================
  RCS file: /export/home/cvs/apachen/htdocs/manual/mod/mod_log_config.html,v
  retrieving revision 1.19
  retrieving revision 1.20
  diff -u -r1.19 -r1.20
  --- mod_log_config.html	1997/09/12 14:50:47	1.19
  +++ mod_log_config.html	1997/12/14 00:57:46	1.20
  @@ -173,10 +173,10 @@
   
   <h2>Security Considerations</h2>
   
  -See the <A HREF="../misc/security_tips.html">security tips</A> document
  -for details on why your security could be compromised if the directory
  -where logfiles are stored is writable by anyone other than the user
  -that starts the server.
  +See the <A HREF="../misc/security_tips.html#security">security tips</A>
  +document for details on why your security could be compromised if the
  +directory where logfiles are stored is writable by anyone other than
  +the user that starts the server.
   <p>
   <h2>Directives</h2>
   
  
  
  

Mime
View raw message