httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ryan Bloom" <...@covalent.net>
Subject RE: [PATCH] Apache 1.3 built in log rotation...
Date Wed, 27 Feb 2002 20:45:27 GMT
Do we really want Apache rotating logs?  Apache is a web server it
serves web pages really well.  If you want log rotation, use either a
piped log or a cron job that restarts the server.

Ryan

> Since I am not a Unix developer, can this security problem be overcome
> somehow or does this mean that I should #ifdef the code as NETWARE
> only?
> 
> Brad
> 
> Brad Nicholes
> Senior Software Engineer
> Novell, Inc., a leading provider of Net business solutions
> http://www.novell.com
> 
> >>> marcs@znep.com Wednesday, February 27, 2002 1:34:46 PM >>>
> On Wed, 27 Feb 2002, Brad Nicholes wrote:
> 
> >      This patch adds the directives LogRotateDaily and
> LogRotateInterval
> > to the mod_log_config modules.  These directives allow all of the
> custom
> > logs to be automatically rotated on either a daily basis or at a
> > specific interval.  This patch is based on a previous patch that was
> > submitted by Bertrand Demiddelaer.
> >      One of the problems that we have had on NetWare is the lack of
> a
> > way to automatically rotate the log files.  NetWare is unable to use
> the
> > RotateLog utility due to the fact that the OS does not support
pipes.
> 
> > This patch is being submitted as a general patch rather than a
> NetWare
> > specific patch so that other platforms can take advantage of it if
> they
> > choose to.  If there are objections to this patch I could submit it
> as a
> > NetWare only fix.  If there are no objections, I would like to go
> ahead
> > and check it in.
> 
> This patch is a major security problem on Unix, since you should not
> have
> your log files writable by the user apache runs as.  They should only
> be writable by the user that starts Apache (normally root).  This
> means
> child processes can not reopen logs.
> 
> BTW, please try to include patches in the body of the message instead
> of
> as binary attachments.



Mime
View raw message