>From new-httpd Thu Apr 27 11:12:21 0700 1995 remote from hyperreal.com
Received: by taz.hyperreal.com (8.6.10/8.6.5) id LAA04096; Thu, 27 Apr 1995 11:12:45 -0700
Received: from eat.organic.com by taz.hyperreal.com (8.6.10/8.6.5) with ESMTP id LAA04042; Thu, 27 Apr 1995 11:12:26 -0700
Received: (from brian@localhost) by eat.organic.com (8.6.11/8.6.9) id LAA28124; Thu, 27 Apr 1995 11:12:22 -0700
Date: Thu, 27 Apr 1995 11:12:21 -0700 (PDT)
From: Brian Behlendorf
Subject: Re: Closing file descriptors...
To: new-httpd@hyperreal.com
In-Reply-To: <9504271433.AA07843@volterra>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-new-httpd@hyperreal.com
Precedence: bulk
Reply-To: new-httpd@hyperreal.com

On Thu, 27 Apr 1995, Robert S. Thau wrote:
> Paul Phillips has just noted that the file descriptors for the log files
> are left open in NCSA 1.3, which might allow a malicious CGI script to
> cover its tracks or wipe the log files entirely. It might be best to
> just close all descriptors except for stdin, stdout, and stderr before
> the exec() in cgi_stub(). Then again, stderr is generally set to the
> error log, and I generally consider that a feature, rather than a bug
> (if a script screws up, you generally get useful info in the error_log).
> Any thoughts?

+1 - can't the error log be opened as append-only?

	Brian

--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
brian@organic.com  brian@hyperreal.com  http://www.[hyperreal,organic].com/
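
Added example, not part of the original message and not NCSA or Apache code: one way to apply both suggestions from this thread in C, opening the log with O_APPEND and closing every descriptor above stderr in the child before exec(). The function names, the sample path and the 65536 descriptor cap are assumptions of this example; child_inherits() checks the descriptor at the point where exec() would run instead of launching a real script.

```c
#include <fcntl.h>
#include <sys/wait.h>
#include <unistd.h>

/* Open a log so that every write() lands at the current end of file. */
int open_log(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_APPEND, 0644);
}

/* Close everything above stderr; call in the child just before exec(). */
void close_inherited_fds(void) {
    long max = sysconf(_SC_OPEN_MAX);
    if (max < 0 || max > 65536) max = 65536;  /* cap is an assumption of this example */
    for (int fd = STDERR_FILENO + 1; fd < max; fd++) close(fd);
}

/* Report whether log_fd is still open where exec() would run (1 = inherited). */
int child_inherits(int log_fd, int harden) {
    int status = 0;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (harden) close_inherited_fds();
        _exit(fcntl(log_fd, F_GETFD) != -1);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

/* Rewind and write again: with O_APPEND the first record is not overwritten. */
int append_preserves_first_record(const char *path) {
    unlink(path);
    int fd = open_log(path);
    if (fd < 0) return -1;
    if (write(fd, "first\n", 6) != 6) return -1;
    lseek(fd, 0, SEEK_SET);               /* try to move back to the start */
    if (write(fd, "second\n", 7) != 7) return -1;
    off_t size = lseek(fd, 0, SEEK_END);  /* 13 bytes if both records survive */
    close(fd);
    unlink(path);
    return size == 13;
}

int main(void) {
    int fd = open_log("/tmp/example_error_log");  /* constructed sample path */
    int ok = child_inherits(fd, 0) == 1 && child_inherits(fd, 1) == 0;
    unlink("/tmp/example_error_log");
    return ok ? 0 : 1;
}
```

O_APPEND only controls where write() lands; closing the descriptor before exec() is what takes the log out of the script's reach. Descriptors 0 to 2 are left open here, so a stderr that points at the error log still reaches the script, as the quoted message prefers.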