httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Randy Terbush <ra...@dsndata.com>
Subject Re: NCSA httpd again: CGI scripts and log file descriptors (fwd)
Date Fri, 05 May 1995 20:27:09 GMT

>    Date: Fri, 05 May 1995 10:22:41 -0500
>    From: Randy Terbush <randy@dsndata.com>
> 
>    > Certainly. I'm not sure its needed, though.
>    > IF the error_log were opened  O_APPEND, then I don't think a script could do
>    > much damage.
> 
>    What's to keep me from opening it with the CGI program and nuking it
>    to cover my tracks?
> 
> You don't have permission --- that's why the server opens the logs as
> root, and runs CGI processes as 'nobody'.  (So why can child processes
> write the logs?  Because the server doesn't lose privilege to use the
> descriptors which it has already opened when it switches uids).

Ah. I had not realized that we were doing *anything* as root.

It would be *really* cool if we could assign UIDs to certain
ScriptAliased directories to make interfacing with DBMS a bit
more secure.


> One thing about O_APPEND --- can it be taken away with something like
> fcntl(.., F_SETFL, 0)?  If so, it would be wise not to count on it for
> security.
> 
> rst

Would need to write a test program to see how this works.  The manpage
is not specific.




Mime
View raw message