httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ruslan Sivak <rsi...@istandfor.com>
Subject [users@httpd] Apache 2.2.6 weird security issue
Date Tue, 06 Nov 2007 16:19:20 GMT
I just upgraded from Apache 2.2.0 to 2.2.6 using the binaries from 
apachelounge.com.  After I put in the new binaries (keeping my config), 
it refused to start up due to a security failure (no futher information 
was in the logs).  After running Process Monitor, it looks like it was 
failing at the following place:

Operation: CreateFile
Path: C:\Program Files\Apache Group\Apache2.2\bin\httpd.exe
Result: ACCESS DENIED
Desired Access:    Read Data/List Directory, Execute/Traverse, Read 
Attributes, Synchronize
Disposition:    Open
Options:    Synchronous IO Non-Alert, Non-Directory File
Attributes:    n/a
ShareMode:    Read, Delete
AllocationSize:    n/a
Impersonating:    apache

Operation: CreateFile
Path: C:\Program Files\Apache Group\Apache2.2\bin\httpd.exe
Result: ACCESS DENIED
Desired Access:    Execute/Traverse, Synchronize
Disposition:    Open
Options:    Synchronous IO Non-Alert, Non-Directory File
Attributes:    n/a
ShareMode:    Read, Delete
AllocationSize:    n/a
Impersonating:    apache

Apache runs under the limited user "apache" and has read only access to 
the bin directory.  Why is it trying to CreateFile there?  (after giving 
it full access to that directory, things now work, but I would prefer to 
not give it access it doesn't need). 

Russ





---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message