httpd-docs mailing list archives

From Jeff Trawick <traw...@gmail.com>
Subject Re: [PATCH] mod_log_forensic security considerations
Date Wed, 06 Jun 2012 19:46:23 GMT
On Tue, May 29, 2012 at 1:36 PM, Daniel Shahaf <d.s@daniel.shahaf.name> wrote:
> https://blogs.apache.org/infra/entry/apache_org_incident_report_for
>
> Infra got bit by mod_log_forensic logs including Authorization headers
> and being world-readable, so in an effort to save someone else from
> repeating this mistake how about adding it to the "Security
> considerations" section of the documentation:
>
> [[[
> Index: docs/manual/mod/mod_log_forensic.xml
> ===================================================================
> --- docs/manual/mod/mod_log_forensic.xml        (revision 1342688)
> +++ docs/manual/mod/mod_log_forensic.xml        (working copy)
> @@ -93,6 +93,10 @@
>     document for details on why your security could be compromised
>     if the directory where logfiles are stored is writable by
>     anyone other than the user that starts the server.</p>
> +    <p>The logfiles may contain sensitive data such as the contents of
> +    <code>Authorization:</code> headers (which can contain passwords),
so
> +    they should not be readable by anyone except the user that starts the
> +    server.</p>
>  </section>
>
>  <directivesynopsis>
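Review bot: the added paragraph names only the `Authorization:` header, but `Proxy-Authorization:` carries credentials in exactly the same way and would be left out of the warning; suggest `<code>Authorization:</code> and <code>Proxy-Authorization:</code> headers (which can contain passwords)`. It would also help the reader to connect the new sentence to the paragraph just above it: that one covers write access to the log directory, this one covers read access to the files, so a phrase such as "In addition, the logfiles may contain..." makes clear that both restrictions apply at once rather than one replacing the other.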
> ]]]
>
> Perhaps it would be a useful feature to allow excluding those headers
> from being logged, too.

IMO they shouldn't be logged by default (if at all).
Proxy-Authorization also needs to be handled.  (Anything else?  My
search query foo is particularly bad today.)

Attached is a potential code fix...  I guess a directive could be
added to allow them to be logged, but when would that be needed?  (A.
When the request crashes due to the exact value of one of these
headers and the module author needs it for debugging.)

-- 
Born in Roswell... married an alien...
http://emptyhammock.com/
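An added example, not code from httpd or from either poster, showing what the two halves of the incident look like in practice: spotting credential-bearing headers in an existing forensic log and producing a redacted copy, plus the permission check that would have flagged a world-readable file. It assumes the mod_log_forensic line format documented for the module (a `+<id>` request record with the request line and `Name:value` headers separated by `|`, special characters %-encoded, and a matching `-<id>` line when the request completes); the header names come from this thread and the sample log lines are constructed.

```python
"""Audit a mod_log_forensic log for credential headers and redact them.

Added example, not part of httpd. Assumes the documented forensic format:
  +<id>|<request line>|Name:value|Name:value...   (request started)
  -<id>                                           (request completed)
Field separators are '|', and special characters inside values (including
':' and '|') are %-encoded, so splitting on the first ':' of a field gives
the header name.
"""
import stat

# Header names that carry credentials (the two named in the thread).
SENSITIVE_HEADERS = {"authorization", "proxy-authorization"}
REDACTED = "[REDACTED]"

# Constructed sample log, not captured from a real server. The last request
# has no '-' completion line, which is the case mod_log_forensic exists for.
SAMPLE_LOG = """\
+yQtJf8CoAB4AAFNXBIEAAAAA|GET /manual/ HTTP/1.1|Host:localhost%3a8080|User-Agent:curl/7.0|Authorization:Basic%20YWxpY2U6czNjcjN0
-yQtJf8CoAB4AAFNXBIEAAAAA
+yQtJf8CoAB4AAFNXBIEAAAAB|GET /img/x.gif HTTP/1.1|Host:localhost%3a8080|Accept:image/png
-yQtJf8CoAB4AAFNXBIEAAAAB
+yQtJf8CoAB4AAFNXBIEAAAAC|GET /admin/ HTTP/1.1|Proxy-Authorization:Basic%20Ym9iOmh1bnRlcjI=|Host:localhost%3a8080
"""


def parse_line(line):
    """Split a '+' request record into (id, request line, [(name, value), ...]).

    Returns None for '-' completion lines and anything that is not a request
    record. Header values are left %-encoded exactly as they appear in the log.
    """
    if not line.startswith("+"):
        return None
    fields = line[1:].split("|")
    if len(fields) < 2:
        return None
    req_id, request_line = fields[0], fields[1]
    headers = []
    for field in fields[2:]:
        name, sep, value = field.partition(":")
        if sep:
            headers.append((name, value))
    return req_id, request_line, headers


def find_credential_headers(log_text):
    """Return [(id, header name)] for every request record that logged a credential header."""
    hits = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        req_id, _request_line, headers = parsed
        for name, _value in headers:
            if name.lower() in SENSITIVE_HEADERS:
                hits.append((req_id, name))
    return hits


def redact_line(line):
    """Replace credential header values in one record; other lines pass through unchanged."""
    parsed = parse_line(line)
    if parsed is None:
        return line
    req_id, request_line, headers = parsed
    fields = [req_id, request_line]
    for name, value in headers:
        if name.lower() in SENSITIVE_HEADERS:
            value = REDACTED
        fields.append(f"{name}:{value}")
    return "+" + "|".join(fields)


def redact_log(log_text):
    """Redacted copy of a whole log; ids and completion lines are kept so pairing still works."""
    return "\n".join(redact_line(line) for line in log_text.splitlines()) + "\n"


def mode_is_world_readable(mode):
    """True when group or others can read a file with this st_mode (the incident's condition)."""
    return bool(mode & (stat.S_IRGRP | stat.S_IROTH))


if __name__ == "__main__":
    for req_id, name in find_credential_headers(SAMPLE_LOG):
        print(f"request {req_id} logged a {name} header")
    print(redact_log(SAMPLE_LOG), end="")
    print("0644 world-readable:", mode_is_world_readable(0o644))
```

Run it against a real log with `open(path).read()` in place of `SAMPLE_LOG` and `os.stat(path).st_mode` for the permission check; redaction keeps the `+`/`-` id pairing intact so the log remains usable for its purpose of finding the request that never completed.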
