httpd-dev mailing list archives

From Dean Gaudet <dgau...@arctic.org>
Subject Re: [BUGFIXES] Wrong GID for PID file and UMASK for logs
Date Tue, 25 Nov 1997 07:15:05 GMT
On Mon, 24 Nov 1997, Gregory A Lundberg wrote:

> Problem: If Apache must create its log files, the PID file is created
> after changing to the new UID/GID, making the file group-owned by the
> public web.  Does this create any security problems?  Unknown, but why
> take the risk?

Yeah this should be fixed.

> Problem: The PID file and error log(s) are created using the default
> umask.  For most systems, the default umask is good enough, but why depend
> upon that?  Enforce a umask of at least 0133 on the PID and error logs
> (you do already on the activity log) and save some poor admin a headache.

I'd rather not start using the umask() call... this is something similar
to clearing the environment -- we should be doing this in a wrapper around
apache.  Like in apachectl.

> *** http_main.c.orig	Mon Nov 24 09:39:55 1997
> --- http_main.c	Mon Nov 24 09:40:20 1997
> ***************
> *** 3280,3285 ****
> --- 3280,3286 ----
>   	server_conf = read_config(pconf, ptrans, server_confname);
>   	setup_listeners(pconf);
>   	open_logs(server_conf, pconf);
> + 	log_pid(pconf, pid_fname);
>   	init_modules(pconf, server_conf);
>   	set_group_privs();
>   	SAFE_ACCEPT(accept_mutex_init(pconf));
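
Review bot: the added log_pid(pconf, pid_fname) call fixes the group ownership only because it sits above set_group_privs(), and nothing in the hunk records that ordering requirement. Add a one-line comment above the call stating that the PID file must be created before set_group_privs(), so a later reshuffle of this startup sequence does not quietly reintroduce the problem. The call now also runs before init_modules() and accept_mutex_init(); if either of those can abort startup, a PID file would be left behind for a server that never came up, which is worth checking.
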
> ***************
> *** 3294,3300 ****
>   #endif
>   
>   	set_signals();
> - 	log_pid(pconf, pid_fname);
>   
>   	if (daemons_max_free < daemons_min_free + 1)	/* Don't thrash... */
>   	    daemons_max_free = daemons_min_free + 1;
> --- 3295,3300 ----
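
Review bot: dropping log_pid() from its place after set_signals() means the PID file now appears before the signal handlers are installed, where previously it appeared after them. Anything that signals the recorded PID as soon as the file exists (a control script, for example) could reach the process before set_signals() has run; confirm that window is acceptable, or note it in the patch description.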

This is truncated... but +1 on this part of your patch.

Dean
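
The umask question discussed in this thread, as an added example (not code from the message or from Apache): a file created through `fopen()` gets `0666 & ~umask`, while `open()` with an explicit mode of 0644 is capped at 0644 whatever umask the process inherited, without the creating code calling `umask()`. The names `pid_file_open`, `pid_file_fopen`, `mode_under_umask` and the `/tmp/pidfile-demo-*` path are hypothetical, and the `umask()` call in the harness exists only to simulate an inherited value.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not Apache's log_pid(): open() applies mode & ~umask,
 * so 0644 is an upper bound whatever umask is inherited; no umask() call. */
static int pid_file_open(const char *path)
{
    char buf[32];
    int n = snprintf(buf, sizeof buf, "%ld\n", (long)getpid());
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
    int ok = fd >= 0 && write(fd, buf, (size_t)n) == (ssize_t)n;
    if (fd >= 0 && close(fd) != 0)
        ok = 0;
    return ok ? 0 : -1;
}

/* The stdio route: fopen("w") creates the file with 0666 & ~umask. */
static int pid_file_fopen(const char *path)
{
    FILE *f = fopen(path, "w");
    int ok = f != NULL && fprintf(f, "%ld\n", (long)getpid()) > 0;
    if (f != NULL && fclose(f) != 0)
        ok = 0;
    return ok ? 0 : -1;
}

/* Demo harness: create the file under a simulated inherited umask in a
 * private 0700 directory; return its permission bits, or -1 on error. */
int mode_under_umask(mode_t inherited, int use_open)
{
    char dir[64], path[96];
    struct stat st;
    int bits = -1;
    snprintf(dir, sizeof dir, "/tmp/pidfile-demo-%ld", (long)getpid());
    if (mkdir(dir, 0700) != 0)
        return -1;
    snprintf(path, sizeof path, "%s/httpd.pid", dir);
    mode_t saved = umask(inherited);   /* simulation of the inherited umask */
    int rc = use_open ? pid_file_open(path) : pid_file_fopen(path);
    umask(saved);
    if (rc == 0 && stat(path, &st) == 0)
        bits = (int)(st.st_mode & 0777);
    unlink(path);
    rmdir(dir);
    return bits;
}
```

A stricter inherited umask still narrows the result further, since the mode passed to `open()` is only a ceiling.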
