httpd-dev mailing list archives

From Dean Gaudet <dgau...@arctic.org>
Subject Re: opening of log files and following links
Date Wed, 01 Jan 1997 00:54:35 GMT
How about a SaferLogOpen directive.  Of course we'd need another API tweak
to implement it ;)  Bleh.

Dean

On Tue, 31 Dec 1996, Rodent of Unusual Size wrote:

> From the fingers of Jim Jagielski flowed the following:
> >
> >The trick is that the logfiles should be written to a place that
> >_only_ root has write access to. Even the Apache user should not
> >have that permission.
> 
>      I strongly disagree.  That means you can only run Apache if you
>      have root authority on your system.  It should be perfectly
>      possible and reasonable to run Apache as a normal user, on a
>      non-privileged port (e.g., Port > 1024).  [I haven't tried this,
>      but I assume it can be done.  It *should* be doable if it isn't.]
>      Not everyone has their own UNIX system (poor sods.. ;-).
> 
> >I'm surprised this never popped up before... if misconfigured, it
> >does allow for some major damage.
> 
>     True, but "give 'em rope" is a very good maxim to my mind.  Document
>     the dickens out of security issues, but don't Big Brother your
>     customers - that assumes you *know* how they *all* do things, which I
>     submit is unlikely. ;->
> 
>     #ken    :-)}
> 
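
One way the checks discussed in this thread could be combined when opening a log file, as an added example that is not part of the original messages and is not Apache code. The names `safer_log_open` and `trusted_uid` are hypothetical; the thread does not say what a SaferLogOpen directive would do, and taking the trusted owner as a parameter (root, or the normal user the server was started as) is an assumption.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <libgen.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not Apache code): open a log file for append only if
 * its directory is owned by trusted_uid and is not group- or other-writable,
 * and the final path component is not a symlink.
 * Returns a file descriptor, or -1 if the open is refused or fails.
 * Only the immediate parent directory is checked, not its ancestors. */
int safer_log_open(const char *path, uid_t trusted_uid)
{
    char buf[4096];
    struct stat st;
    int fd;

    if (strlen(path) >= sizeof buf)
        return -1;
    strcpy(buf, path);                  /* dirname() may modify its argument */
    if (stat(dirname(buf), &st) != 0 || !S_ISDIR(st.st_mode))
        return -1;
    if (st.st_uid != trusted_uid || (st.st_mode & (S_IWGRP | S_IWOTH)))
        return -1;                      /* another user could plant a link here */

    /* O_NOFOLLOW makes open() fail if the last component is a symlink. */
    fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW, 0644);
    if (fd < 0)
        return -1;
    /* Refuse anything that is not a regular file with a single name
     * (a hard link to some other file would show st_nlink > 1). */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    /* Usage: ./a.out /path/to/access_log ; the invoking user is trusted. */
    int fd = argc > 1 ? safer_log_open(argv[1], getuid()) : -1;
    printf("%s\n", fd >= 0 ? "opened" : "refused");
    return fd >= 0 ? 0 : 1;
}
```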

