Return-Path: X-Original-To: apmail-httpd-users-archive@www.apache.org Delivered-To: apmail-httpd-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 7CC7B9AF9 for ; Thu, 24 Nov 2011 18:22:55 +0000 (UTC) Received: (qmail 95732 invoked by uid 500); 24 Nov 2011 18:22:52 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 95681 invoked by uid 500); 24 Nov 2011 18:22:52 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 95673 invoked by uid 99); 24 Nov 2011 18:22:52 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 24 Nov 2011 18:22:52 +0000 X-ASF-Spam-Status: No, hits=1.5 required=5.0 tests=FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of silviu.andrica@gmail.com designates 209.85.160.173 as permitted sender) Received: from [209.85.160.173] (HELO mail-gy0-f173.google.com) (209.85.160.173) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 24 Nov 2011 18:22:47 +0000 Received: by ghbg19 with SMTP id g19so3750682ghb.18 for ; Thu, 24 Nov 2011 10:22:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=chaACoftrQF85I1tngbsCAfDp8M0Sax5eWrdGL9VC2c=; b=K7TgjYzcq+VKrYk48w431SzUSK3LGtoEiOxYYQbH6tkCG3ToPEQ/JFpiD4mQE9sqfa 22d43hS8zmIi8UzgbomDBuMi4X/keSY6LTwuVfl8vNjUqAGV1UIpYkJOzJgEehvVc1jY O8+82j3JR6alYU8C6dx3BvD/0CKRvmrPCoEHU= MIME-Version: 1.0 Received: by 10.236.184.129 with SMTP id s1mr9300895yhm.96.1322158946665; Thu, 24 Nov 2011 10:22:26 -0800 (PST) Received: by 10.147.98.14 with HTTP; Thu, 24 Nov 2011 10:22:26 -0800 (PST) In-Reply-To: References: <0AD83689-C69D-4F32-8AFF-F8BDBEC35710@gmail.com> Date: Thu, 24 Nov 2011 19:22:26 +0100 Message-ID: From: silviu andrica To: users@httpd.apache.org Content-Type: multipart/alternative; boundary=20cf303f6d545a43ca04b27f1ee2 Subject: Re: [users@httpd] Opening ErrorLog as root and overwriting any file on the system --20cf303f6d545a43ca04b27f1ee2 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Hi Igor, I think you are wrong. I wrote this simple program that does what I suggested: #include #include #include int main(int argc, char** argv){ uid_t low_uid =3D 1000; uid_t high_uid =3D getuid(); seteuid(low_uid); // drop privilege const char* fileName=3D"test.txt"; FILE* file =3D fopen(fileName, "w"); if(file =3D=3D NULL){ printf("File doesn't exist or you don't have the right to write it\n"); exit(1); } seteuid(high_uid); // regain privilege chown(fileName, high_uid, high_uid); fclose(file); } It drops temporarily root privileges and then gets them back. This is its output: $ ls -l test.txt -rw-rw-r-- 1 slv slv 0 2011-11-24 19:17 test.txt $ sudo ./uid //this is what the program above is compiled to $ ls -l test.txt -rw-rw-r-- 1 root root 0 2011-11-24 19:17 test.txt $ ./uid File doesn't exist or you don't have the right to write it $ ls -l test.txt -rw-rw-r-- 1 root root 0 2011-11-24 19:17 test.txt Best regards, Silviu 2011/11/24 Igor Gali=C4=87 > > > ----- Original Message ----- > > > > > > What would it do when the file already exists and is owned by root? > > > :) > > > > > > > > > It is hard to distinguish between "file owned by root, but we > > > should > > > append to it" and "file owned by root and the admin made a mistake > > > in > > > the conf file". The former is the usual case when starting a server > > > with pre-existing log files, the latter is the case you are trying > > > to > > > avoid. > > > > > True. However, assuming that when Apache terminates, the owner of the > > error log is set to be ${APACHE_RUN_USER}, then the problem of not > > being able to access the file manifests only on the first run. > > > > Dear httpd admin, the ${ErrorLog} file can be opened only by root. > > Wanna continue? > > If yes, raise privileges this time only. There's not going to be a > > next time. > > To repeat this again, just in case: > > Privileges can only ever be *dropped* > Privileges can *never* be raised. This is by design. > > > > > > > All in all, I see your point. It's more of a maintenance issue. > > > > Thanks for the answers, > > Silviu > > > Cheers > > > > > > Tom > > > > > > --------------------------------------------------------------------- > > > The official User-To-User support forum of the Apache HTTP Server > > > Project. > > > See for more info. > > > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org > > > " from the digest: users-digest-unsubscribe@httpd.apache.org > > > For additional commands, e-mail: users-help@httpd.apache.org > > > > > > > > > --------------------------------------------------------------------- > > The official User-To-User support forum of the Apache HTTP Server > > Project. > > See for more info. > > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org > > " from the digest: users-digest-unsubscribe@httpd.apache.org > > For additional commands, e-mail: users-help@httpd.apache.org > > > > > > -- > Igor Gali=C4=87 > > Tel: +43 (0) 664 886 22 883 > Mail: i.galic@brainsware.org > URL: http://brainsware.org/ > GPG: 6880 4155 74BD FD7C B515 2EA5 4B1D 9E08 A097 C9AE > > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project= . > See for more info. > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org > " from the digest: users-digest-unsubscribe@httpd.apache.org > For additional commands, e-mail: users-help@httpd.apache.org > > --20cf303f6d545a43ca04b27f1ee2 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Hi Igor,

I think you are wrong.

I wrote this simple program = that does what I suggested:
#include <sys/types.h>
#include <= ;unistd.h>
#include <stdio.h>

int main(int argc, char** = argv){

uid_t low_uid =3D 1000;
uid_t high_uid =3D getuid();

seteuid(= low_uid); // drop privilege
const char* fileName=3D"test.txt";=
FILE* file =3D fopen(fileName, "w");
if(file =3D=3D NULL){=
=C2=A0 printf("File doesn't exist or you don't have the ri= ght to write it\n");
=C2=A0 exit(1);
}
seteuid(high_uid); // regain privilege
chown(fil= eName, high_uid, high_uid);
fclose(file);
}

It drops temporari= ly root privileges and then gets them back.

This is its output:
$= ls -l test.txt
-rw-rw-r-- 1 slv slv 0 2011-11-24 19:17 test.txt
$ sudo ./uid //this is = what the program above is compiled to
$ ls -l test.txt
-rw-rw-r-- 1 r= oot root 0 2011-11-24 19:17 test.txt
$ ./uid
File doesn't exist = or you don't have the right to write it
$ ls -l test.txt
-rw-rw-r-- 1 root root 0 2011-11-24 19:17 test.txt
<= br>Best regards,
Silviu

2011/11/24 Igo= r Gali=C4=87 <i.galic@brainsware.org>


----- Original Message -----
> > <DevilsAdvocate>
> > What would it do when the file already exists and is owned by roo= t?
> > :)
> > </DevilsAdvocate>
> >
> > It is hard to distinguish between "file owned by root, but w= e
> > should
> > append to it" and "file owned by root and the admin mad= e a mistake
> > in
> > the conf file". The former is the usual case when starting a= server
> > with pre-existing log files, the latter is the case you are tryin= g
> > to
> > avoid.
> >
> True. However, assuming that when Apache terminates, the owner of the<= br> > error log is set to be ${APACHE_RUN_USER}, then the problem of not
> being able to access the file manifests only on the first run.
> <SillyIdea>
> Dear httpd admin, the ${ErrorLog} file can be opened only by root.
> Wanna continue?
> If yes, raise privileges this time only. There's not going to be a=
> next time.

To repeat this again, just in case:

Privileges can only ever be *dropped*
Privileges can *never* be raised. This is by design.

> </SillyIdea>
>
> All in all, I see your point. It's more of a maintenance issue. >
> Thanks for the answers,
> Silviu
> > Cheers
> >
> > Tom
> >
> > -----------------------------------------------------------------= ----
> > The official User-To-User support forum of the Apache HTTP Server=
> > Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more inf= o.
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > =C2=A0 " =C2=A0 from the digest: users-digest-unsubscribe@httpd.apache.org=
> > For additional commands, e-mail: users-help@httpd.apache.org
> >
>
>
> ---------------------------------------------------------------------<= br> > The official User-To-User support forum of the Apache HTTP Server
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> =C2=A0 =C2=A0" =C2=A0 from the digest: users-digest-unsubscribe@httpd.apache.or= g
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

--
Igor Gali=C4=87

Tel: +43 (0) 664 886 22 883
Mail: i.galic@brainsware.org<= br> URL: http://brainsware= .org/
GPG: 6880 4155 74BD FD7C B515 =C2=A02EA5 4B1D 9E08 A097 C9AE


-----------------------------= ----------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.<= br> See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
=C2=A0 " =C2=A0 from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


--20cf303f6d545a43ca04b27f1ee2--