httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Manoj Kasichainula <>
Subject listenwrap support
Date Sun, 18 Oct 1998 22:01:56 GMT
On Dean's listenwrap mods:

On Wed, Oct 07, 1998 at 11:48:00AM -0700, Dean Gaudet wrote:
> I encourage someone to take the above and clean it up for the tree.  Given
> that this coredump thing is ubiquitous (it's a security measure) we need a
> generic solution to it.  Not to mention that this gives folks a method of
> completely eliminating httpd running as root, not even the parent needs
> root with this.

I've got a patch worked up for this.  I extracted the listenwrap stuff
from arctic mods, added support for user and group names as well as
numeric ids, then added most of the work needed for APACI to
automatically configure it. I'll be posting it soon.

> The logging problem can be worked around with a setuid piped logger
> (setuid something other than nobody, doesn't need to be root).

How are you doing this so far? Do you already have a setuid logger
hiding somewhere?

I've been looking at how this should be done if not. If we still want
logs to be written as root, we can just use a setuid root program
which chroots to the log directory and writes to argv[1] (after other
checks of course).  But we could also allow avoiding the root user
altogether if we add in the pathname checks from suexec and forget
about chroot. Any preferences?

Also, is there a decent way to do this without a bunch of read and
write calls? I can use sendfile (which works on any fd IIRC) for some
platforms, but not all.

> Or it can be worked around with a more sophisticated listenwrap
> program that opens the logs as well. 

Then we'd have complicated code running as root, which we are trying
to avoid. I like the piped logger option more.

Manoj Kasichainula - manojk at io dot com -
"I am J. D. Falk, Sysadmin. I own a web-server and a LART." - Jeff Mercer

View raw message