www-apache-bugdb mailing list archives

From Marc Slemko <ma...@znep.com>
Subject Re: mod_log-any/2085: Logfiles provide a big backdoor in apache v*
Date Tue, 21 Apr 1998 00:20:01 GMT
The following reply was made to PR mod_log-any/2085; it has been noted by GNATS.

From: Marc Slemko <marcs@znep.com>
To: Phil Rosenthal <winter@villaweb.net>
Cc: apbugs@hyperreal.org
Subject: Re: mod_log-any/2085: Logfiles provide a big backdoor in apache v*
Date: Mon, 20 Apr 1998 18:16:03 -0600 (MDT)

 On 20 Apr 1998, Phil Rosenthal wrote:
 
 > >Description:
 > I was trying to hack my box (just to see if/how others could), and I found
 > a very big, and dangerous flaw...
 > I had a logfiles directory for every user where they had all the standard
 > Apache logs...
 
 Note that this is not a bug and is well known and documented explicitly.
 
 I'm not sure that adding an option to have the logfiles written by a
 different user helps that much because the people who don't read the docs
 won't know about this option either.
 
