httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Fabio Corazza <fa...@newbay.com>
Subject Re: [users@httpd] suEXEC verbosity
Date Tue, 03 Oct 2006 14:54:39 GMT
Joshua Slive wrote:
> Those messages are generated within suexec and since suexec is not
> run-time configurable (for security reasons) they are not
> configurable.  You would need to edit the source code and recompile
> (being careful to heed the warnings about not messing with suexec
> unless you know what you are doing).
> 
> Joshua.

Ok, that's what I did. Inside suexec.c, I just commented the following code:

log_no_err("uid: (%s/%s) gid: (%s/%s) cmd: %s\n",
           target_uname, actual_uname,
           target_gname, actual_gname,
           cmd);

and:

if ((~AP_SUEXEC_UMASK) & 0022) {
    log_err("notice: AP_SUEXEC_UMASK of %03o allows "
             "write permission to group and/or other\n", AP_SUEXEC_UMASK);
   }

While the second one can be safe to delete (it's just a notice about the
umask, since I use the umask setting I don't want to be noticed in
regard of that), the first one may possibly cause some problems, since
the comment above it states:

    /*
     * Log the transaction here to be sure we have an open log
     * before we setuid().
     */

What it concerns me is: if I delete the logging of the transactions,
will suEXEC be able to open the log file if any other error happens?



Regards,

-- 
Fabio Corazza - Engineering
NewBay Software, Ltd.
Wilson House, Fenian Street, Dublin 2, Ireland
Phone: +353 1 634 5490 - e-mail: fabio@newbay.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message