httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Randy Terbush <ra...@dsndata.com>
Subject Re: NCSA httpd again: CGI scripts and log file descriptors
Date Fri, 05 May 1995 18:10:49 GMT
I am resending this since I have not seen it hit the list yet.


------- Forwarded Message

To: new-httpd@hyperreal.com
Subject: Re: NCSA httpd again: CGI scripts and log file descriptors (fwd) 
In-reply-to: Your message of "Fri, 05 May 1995 15:46:00 -0000."
         <m0s7OeP-0001VWC@mamba.ast.cam.ac.uk> 
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Fri, 05 May 1995 10:22:41 -0500
From: Randy Terbush <randy@dsndata.com>



> To answer your implied question, B85 does not make any functional changes
> to a well-behaved CGI script; scripts still have the error_log as their
> stderr.
> 
> > Would it be possible to add another "safer" panic-log to the CGI
> > spec that would still get written out in this case?
> 
> Certainly. I'm not sure its needed, though.
> IF the error_log were opened  O_APPEND, then I don't think a script could do
> much damage.

What's to keep me from opening it with the CGI program and nuking it
to cover my tracks?  The CGI program will also have the same write
permissions.  We almost need to be doing a seteuid() to a safe user
ID and allow the server process to still be doing the logging as
root.  It seems that this could be much easier accomplished with
the non-forker by letting the parent process handle all of the
logging as root and force the children to safer uids.

Am I all wet?  (be nice...)




------- End of Forwarded Message



Mime
View raw message