www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rüdiger" "Plüm" <r.pl...@gmx.de>
Subject mod_log-any/8127: Logfiles are written as root, rotatelogs is started as root if apache is started by root
Date Thu, 02 Aug 2001 20:55:44 GMT

>Number:         8127
>Category:       mod_log-any
>Synopsis:       Logfiles are written as root, rotatelogs is started as root if apache
is started by root
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          change-request
>Submitter-Id:   apache
>Arrival-Date:   Thu Aug 02 14:00:00 PDT 2001
>Originator:     r.pluem@gmx.de
>Release:        1.3.12 and up
Linux, Solaris probably all other Unix OS
If apache is started by root as it is needed if you want to bind a priviliged
port then all logfiles configured in Errorlog, Customlog and Transferlog
directives are written by root. Even worse, if you use the pipe feature of
these directives the programs that process the piped logdata are also
running with uid 0.
Since it is basicly a bad thing running programs with uid 0 or writing files
as root if it is not needed I would appreciate if could add either a directive
or even better a command line option to httpd which allows to set the uid and
the gid used for writing logfiles and for running programs that process
the piped logdata.
IMHO this would have the following advantages:
1. root can prevent symlink attacks to root owned files once and forever.
2. vulnerabilities in programs that are used to process piped logdata do not
   have very harmful impacts to the whole system.

Since I am not a programer I can not suggest any patches for the apache sources.

Thanks in advance and kind regards

Rüdiger Plüm
 [In order for any reply to be added to the PR database, you need]
 [to include <apbugs@Apache.Org> in the Cc line and make sure the]
 [subject line starts with the report component and number, with ]
 [or without any 'Re:' prefixes (such as "general/1098:" or      ]
 ["Re: general/1098:").  If the subject doesn't match this       ]
 [pattern, your message will be misfiled and ignored.  The       ]
 ["apbugs" address is not added to the Cc line of messages from  ]
 [the database automatically because of the potential for mail   ]
 [loops.  If you do not include this Cc, your reply may be ig-   ]
 [nored unless you are responding to an explicit request from a  ]
 [developer.  Reply only with text; DO NOT SEND ATTACHMENTS!     ]

View raw message