www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <m...@hyperreal.org>
Subject Re: suexec/1138: suExec uses too much privilege to do its logging
Date Mon, 15 Sep 1997 22:38:15 GMT
Synopsis: suExec uses too much privilege to do its logging

State-Changed-From-To: open-closed
State-Changed-By: marc
State-Changed-When: Mon Sep 15 15:37:57 PDT 1997
State-Changed-Why:
I'm afraid I don't see the concern.  If you do something
to the suexec source to make it insecure, like pointing
your log file at /etc/passwd, then that is completely
your problem.  We can try to prevent user errors, but that
is going a bit far.

Logging as the user httpd runs as is _not_ acceptable
because then the log file will not be secure if anyone
can compromise that UID.  Apache opens its logs as the
user it is started as (ie. normally root) by design,
and so does suexec.  I can't see the security risk.


Mime
View raw message