httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sameer <>
Subject Re: opening of log files and following links
Date Thu, 02 Jan 1997 21:57:42 GMT
> Wouldn't it be better to open the log files _after_ the UID switch?
> I would vote for that as a safer solution. A warning should also
> be in the docs, but this is pretty serious when you think about
> it. Apache should setuid asap.

	I don't think so, because then the logfile dir can be made
read/writeable only by root, and broken CGI can't mess with the logs.

Sameer Parekh					Voice:   510-986-8770
President					FAX:     510-986-8777
C2Net 		    C2Net is having a party:

View raw message