www-apache-bugdb mailing list archives

From Marc Slemko <m...@hyperreal.org>
Subject Re: config/916: When using an NFS appliance (like Net Appl. Toaster) File Ownership issues before the switch to the final UID
Date Fri, 25 Jul 1997 16:11:52 GMT
Synopsis: When using an NFS appliance (like Net Appl. Toaster) File Ownership issues before
the switch to the final UID

State-Changed-From-To: open-closed
State-Changed-By: marc
State-Changed-When: Fri Jul 25 09:11:50 PDT 1997
State-Changed-Why:
This is probably an issue with a "feature" in the way
Linux does NFS writes.  On any sane system, if you open
a descriptor as root then change uids to another uid,
you should still be able to write to the open descriptor.
The log files are purposely created as the user that
starts the server (ie. normally root) for security
purposes; otherwise anyone who could run something as
the user the server runs as could mess with them.  Note
that if the user the server runs as has write permissions
to the logs directory (not just the files in it), then
anyone who compromises that ID can get root easily.

Also note that when logging via NFS you are not necessarily
guaranteed that writes to files opened with O_APPEND will
be atomic, so you may get intermingled entries.

Something similar is reported in PR#452.

Unfortunately, there is really nothing Apache can do.
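
A check for the condition the message warns about, as an added example that is not part of the original message or of Apache's code: given the uid the server runs as, it reports whether that uid can write to the logs directory, to a log file in it, or to an ancestor directory. The function names and the uid/gids parameters are hypothetical, and only classic Unix mode bits are evaluated (no ACLs).

```python
import os
import stat

def can_write(st, uid, gids):
    """Mode-bit write check for a non-root uid (ACLs are not considered)."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def audit_log_dir(log_dir, uid, gids=()):
    """Return (path, reason) findings for the server's run-as uid."""
    findings = []
    log_dir = os.path.realpath(log_dir)
    st = os.stat(log_dir)
    if can_write(st, uid, gids):
        findings.append((log_dir, "logs directory writable by server user"))
    # Log files should belong to the user that starts the server (normally root).
    for name in sorted(os.listdir(log_dir)):
        path = os.path.join(log_dir, name)
        fst = os.lstat(path)
        if stat.S_ISREG(fst.st_mode) and can_write(fst, uid, gids):
            findings.append((path, "log file writable by server user"))
    # Write access to an ancestor allows renaming the directory below it,
    # unless the sticky bit limits renames to the owners involved.
    child, child_st = log_dir, st
    while True:
        parent = os.path.dirname(child)
        if parent == child:
            break
        pst = os.stat(parent)
        sticky = bool(pst.st_mode & stat.S_ISVTX)
        if can_write(pst, uid, gids) and (
                not sticky or uid in (pst.st_uid, child_st.st_uid)):
            findings.append((parent, "ancestor writable by server user"))
        child, child_st = parent, pst
    return findings

if __name__ == "__main__":
    import tempfile
    # Constructed demo tree: a logs directory deliberately left world-writable.
    with tempfile.TemporaryDirectory() as base:
        logs = os.path.join(base, "logs")
        os.mkdir(logs)
        os.chmod(logs, 0o777)
        for path, reason in audit_log_dir(logs, uid=os.getuid() + 12345):
            print(f"{path}: {reason}")
```
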

