httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gregory A Lundberg <lundb...@vr.net>
Subject [BUGFIXES] Wrong GID for PID file and UMASK for logs
Date Mon, 24 Nov 1997 15:16:14 GMT
Problem: If Apache must create its log files, the PID file is created
after changing to the new UID/GID, making the file group-owned by the
public web.  Does this create any security problems?  Unknown, but why
take the risk?

Problem: The PID file and error log(s) are created using the default
umask.  For most systems, the default umask is good enough, but why depend
upon that?  Enforce a umask of at least 0133 on the PID and error logs
(you do already on the activity log) and save some poor admin a headache.

Porting note:  The man pages for umask() on my Linux system are, to say
the best, sparce.  I found the function defined in <sys/stat.h> but it may
or may not exist there or anywhere on other systems; check the patch for
http_log.c compiles on your flavor.

These problems exist in both 1.2.4 and 1.3b3.  The 1.3b3 patch is below,
I've attached the 1.2.4 patch.

*** http_log.c.orig	Mon Nov 24 09:45:52 1997
--- http_log.c	Mon Nov 24 09:57:48 1997
***************
*** 67,72 ****
--- 67,73 ----
  #include "http_main.h"
  
  #include <stdarg.h>
+ #include <sys/stat.h>
  
  typedef struct {
  	char	*t_name;
***************
*** 179,184 ****
--- 180,189 ----
  void open_error_log (server_rec *s, pool *p)
  {
      char *fname;
+     mode_t oldumask;
+ 
+     oldumask = umask (0133);
+     umask (oldumask | 0133);
  
      if (*s->error_fname == '|') {
  	FILE *dummy;
***************
*** 221,226 ****
--- 226,233 ----
              exit(1);
  	}
      }
+ 
+     umask (oldumask);
  }
  
  void open_logs (server_rec *s_main, pool *p)
***************
*** 341,354 ****
--- 348,365 ----
  void log_pid (pool *p, char *pid_fname)
  {
      FILE *pid_file;
+     mode_t oldumask;
  
      if (!pid_fname) return;
      pid_fname = server_root_relative (p, pid_fname);
+     oldumask = umask (0133);
+     umask (oldumask | 0133);
      if(!(pid_file = fopen(pid_fname,"w"))) {
  	perror("fopen");
          fprintf(stderr,"httpd: could not log pid to file %s\n", pid_fname);
          exit(1);
      }
+     umask (oldumask);
      fprintf(pid_file,"%ld\n",(long)getpid());
      fclose(pid_file);
  }
*** http_main.c.orig	Mon Nov 24 09:39:55 1997
--- http_main.c	Mon Nov 24 09:40:20 1997
***************
*** 3280,3285 ****
--- 3280,3286 ----
  	server_conf = read_config(pconf, ptrans, server_confname);
  	setup_listeners(pconf);
  	open_logs(server_conf, pconf);
+ 	log_pid(pconf, pid_fname);
  	init_modules(pconf, server_conf);
  	set_group_privs();
  	SAFE_ACCEPT(accept_mutex_init(pconf));
***************
*** 3294,3300 ****
  #endif
  
  	set_signals();
- 	log_pid(pconf, pid_fname);
  
  	if (daemons_max_free < daemons_min_free + 1)	/* Don't thrash... */
  	    daemons_max_free = daemons_min_free + 1;
--- 3295,3300 ----

Gregory A Lundberg		Senior Partner, VRnet Company
1441 Elmdale Drive              email: lundberg@vr.net [205.133.13.8]
Kettering, OH 45409-1615 USA    voice: +1 (937) 299-7653

Mime
View raw message