httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <ma...@znep.com>
Subject opening of log files and following links
Date Tue, 31 Dec 1996 23:44:31 GMT
Currently mod_log_config (and others) will follow links when opening log
files for writing.  This means that anyone with write access to the
directory the logs are in can append arbitrary information to any file
writable by the uid that starts the server (normally root).

Does anyone give users write access to directories that logs are
stored in?  I can see some people doing this for virtual hosts
where they don't care about using the logs for tracking usage.

I think that either a note should be added to the documentation warning
people about this, or all relevant routines should be changed not to
follow links when opening for writing.  

To prevent the routine from following links when opening for writing... is
ugly.  You need to avoid race conditions, be sure it isn't a symlink, be
sure it doesn't have any hardlinks (problem is, then you have a perfect
denial of service attack from anyone making a hardlink to the log
file...), then write to it.  It is ugly because the file can already
exist and isn't necessarily being created.  Yuck.  

So, since modifying the routines that open the logfiles is ugly,
I think something in the documentation along the lines of:

	Note that anyone with write access to the directory logfiles
	are stored in can append arbitrary information to ANY FILE
	writable by the user that starts the web server (normally
	root).

may be in order.  Not exactly sure where in the documentation; there
are a lot of different directives that this affects.



Mime
View raw message