www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Matt Hoskins <m...@nipltd.com>
Subject mod_rewrite/2341: Permissions/Ownership of RewriteLock files prevent child access and thus apache from starting up when they are used.
Date Tue, 02 Jun 1998 15:56:08 GMT

>Number:         2341
>Category:       mod_rewrite
>Synopsis:       Permissions/Ownership of RewriteLock files prevent child access and thus
apache from starting up when they are used.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Tue Jun  2 10:10:01 PDT 1998
>Last-Modified:
>Originator:     matt@nipltd.com
>Organization:
apache
>Release:        1.3b7
>Environment:
Linux 2.0.32, gcc 2.7.2
>Description:
The file specified as the RewriteLock file for the RewriteMap I am using is
being created with root as the owner, and -rw--r--r-- as the permissions when
I start apache up (presumably by the parent httpd process). The children
are then unable to access this, presumably as they have given up root privs.

The error message I get is:
"mod_rewrite: Child could not open RewriteLock file /foo/file.lck"

If - after the file has been created, and while the errors are being generated -
I chmod a+w the file, the children stop complaining and everything works.
>How-To-Repeat:
Use a rewritelock for a rewrite map program, and have the user the children
run as be anything other than the user apache started up as.
>Fix:
I guess setting the permissions so that anyone can write to the file is not
secure. Maybe pass an open file handle to the children? I haven't looked through
the code, so I'm only guessing :).
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <apbugs@Apache.Org> in the Cc line ]
[and leave the subject line UNCHANGED.  This is not done]
[automatically because of the potential for mail loops. ]




Mime
View raw message