httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From d...@ast.cam.ac.uk (David Robinson)
Subject Re: Closing file descriptors...
Date Thu, 27 Apr 1995 15:41:00 GMT
>Paul Phillips has just noted that the file descriptors for the log files
>are left open in NCSA 1.3, which might allow a malicious CGI script to
>cover its tracks or wipe the log files entirely.  It might be best to
>just close all descriptors except for stdin, stdout, and stderr before
>the exec() in cgi_stub().  The again, stderr is generally set to the 
>error log, and I generally consider that a feature, rather than a bug
>(if a script screws up, you generally get useful info in the error_log).
>Any thoughts?

I tried to do this with the nscache file descriptors, by marking them
close on exec. (Though this causes problems on NeXT; investigations underway.)

I think it would be appropriate to do this for the other file descriptors.

 David.

Mime
View raw message