httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Riggs <apache-li...@riggs.me>
Subject Re: [PATCH] mod_log_forensic security considerations
Date Thu, 07 Jun 2012 21:20:51 GMT
On Jun 7, 2012, at 3:11 PM, Stefan Fritsch wrote:

> I share Williams concern that this makes mod_forensic potentially less 
> useful.
> 
> Maybe making the forensic log mode 600 by default would be a better 
> idea?


I have to agree with Jeff. I would rather have a more difficult or even impossible time debugging
a crash than have a security hole that relies solely on file permissions.

Maybe it should be a toggle in mod_forensic for debugging purposes (defaulting to hiding Authorization).
The problem with just changing the file permissions is that sensitive data is still stored
in the files. Even if the files are owned by root, anyone with root access would have access
to others' usernames and passwords. I don't want to have that access to others' credentials,
nor do I want them to have access to mine.

I applied Jeff's patch as soon as it came across, wiped out all of our archived forensic logs,
and had all of our affected users reset their passwords. Thanks, Jeff!

- Jim


Mime
View raw message