Subject: Re: [PATCH] mod_log_forensic security considerations
From: Jim Riggs
To: dev@httpd.apache.org
Date: Thu, 7 Jun 2012 16:20:51 -0500
In-Reply-To: <201206072211.14168.sf@sfritsch.de>
References: <20120529173642.GB16642@tarsus.local2> <201206072211.14168.sf@sfritsch.de>
Message-Id: <33F5045A-D29A-49A1-8549-130BE7C4D2B8@riggs.me>

On Jun 7, 2012, at 3:11 PM, Stefan Fritsch wrote:

> I share William's concern that this makes mod_forensic potentially less
> useful.
>
> Maybe making the forensic log mode 600 by default would be a better
> idea?

I have to agree with Jeff. I would rather have a more difficult or even
impossible time debugging a crash than have a security hole that relies
solely on file permissions.

Maybe it should be a toggle in mod_forensic for debugging purposes
(defaulting to hiding Authorization). The problem with just changing the
file permissions is that sensitive data is still stored in the files.
Even if the files are owned by root, anyone with root access would have
access to others' usernames and passwords. I don't want to have that
access to others' credentials, nor do I want them to have access to
mine.

I applied Jeff's patch as soon as it came across, wiped out all of our
archived forensic logs, and had all of our affected users reset their
passwords.

Thanks, Jeff!

- Jim
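Jim's cleanup step (find which archived forensic log entries carry credentials, then scrub them) can be scripted. The following is an added example, not code from the thread or from httpd itself; it assumes mod_log_forensic's line format ("+id|request-line|Header:value|..." for a request start, "-id" when it completes, with ':', '|', '%' and non-printables in values %XX-escaped) and uses constructed sample lines.

```python
from typing import List, Tuple

# Constructed sample lines in mod_log_forensic's format (format is an assumption
# stated in the lead-in; the ids, host and credentials are made up).
SAMPLE_LOG = """\
+yQtJf8CoAB4AAFNXBIEAAAAA|GET /private/ HTTP/1.1|Host:example.test|Authorization:Basic YWxpY2U6czNjcmV0|User-Agent:curl/7.21.0
-yQtJf8CoAB4AAFNXBIEAAAAA
+yQtJf8CoAB4AAFNXBIEAAAAB|GET /public/ HTTP/1.1|Host:example.test|User-Agent:curl/7.21.0
+yQtJf8CoAB4AAFNXBIEAAAAC|GET /proxy/ HTTP/1.1|Proxy-Authorization:Basic Ym9iOmh1bnRlcjI=|Host:example.test
"""

# Headers whose values are credentials and must never survive in an archive.
SENSITIVE = {"authorization", "proxy-authorization"}


def redact_line(line: str) -> Tuple[str, bool]:
    """Return (redacted line, True if a credential header was present)."""
    if not line.startswith("+"):
        return line, False  # "-id" completion lines carry no headers
    fields = line.split("|")
    found = False
    # fields[0] is the request id, fields[1] the request line; the rest are headers.
    for i in range(2, len(fields)):
        # Colons inside values are %XX-escaped, so the first ':' ends the name.
        name, sep, _value = fields[i].partition(":")
        if sep and name.lower() in SENSITIVE:
            fields[i] = name + ":[REDACTED]"
            found = True
    return "|".join(fields), found


def redact_log(text: str) -> Tuple[str, List[str]]:
    """Redact credential headers in a whole log; also return the affected request ids.

    The id list tells an admin which requests (and thus which users) were exposed
    and need a password reset, as the thread describes.
    """
    out, ids = [], []
    for line in text.splitlines():
        new_line, found = redact_line(line)
        out.append(new_line)
        if found:
            ids.append(line.split("|", 1)[0][1:])  # strip the leading '+'
    return "\n".join(out) + "\n", ids


if __name__ == "__main__":
    scrubbed, affected = redact_log(SAMPLE_LOG)
    print(scrubbed)
    print("requests with credentials:", affected)
```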