httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tom Evans <>
Subject Re: [users@httpd] Opening ErrorLog as root and overwriting any file on the system
Date Thu, 24 Nov 2011 17:20:16 GMT
On Thu, Nov 24, 2011 at 5:03 PM, Silviu Andrica
<> wrote:
> Hi Tom,
> thanks for the answer. It makes perfect sense.
> The solution I thought about is a bit more complex. I did not go through the
> Apache code, so below is just a sketch.
> seteuid(${APACHE_RUN_USER}); //drop privileges
> open(${ErrorLog}); //open file
> seteuid(0); // get back root privileges
> chown(${ErrorLog}, root, …); // change owner to root
> In this case, the ErrorLog will be opened and accessible
> as ${APACHE_RUN_USER} for only a brief moment of time, and after that it
> becomes owned by root. AFAIK, this solves the issue I raised. If I miss any
> point, please let me know.

What would it do when the file already exists and is owned by root? :)

It is hard to distinguish between "file owned by root, but we should
append to it" and "file owned by root and the admin made a mistake in
the conf file". The former is the usual case when starting a server
with pre-existing log files, the latter is the case you are trying to



The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message