>
> That's what I thought. Setting 'EMBPERL_DEBUG 0' should really turn off any
> kind of logging including even trying to open the log file.
>

Look at epio.c function OpenLog line 838

    if (r -> bDebug == 0)
        return ok ; /* never write to logfile if debugging is disabled */

If the DEBUG Flags are zero Embperl should never open the log, but if you do
one request with EMBPERL_DEBUG != 0, the logfile is open and will stay open.

> > I consider this a bug and a security hazard (writing anything blindly to
> > /tmp can have potentially lethal side effects, eg: user foo puts in a
> > symlink from /tmp/embperl.log to anything owned by the user running the
> > server and that file gets embperl logs appended to it!).
> >

If the logfile really gets opened before you have a chance to set
EMBPERL_DEBUG to 0, then it's a bug and a security hole, but I can't see
this for now, but maybe I'm overlooking something...

> > The log file is tied to at a few different spots within the code. None of
> > these check the setting of EMBPERL_DEBUG before tying to the log. They
> > should only tie to the log if the debug setting is not zero.
> >

The logfile is only opened at this one place in OpenLog I mentioned above
and this function checks the debug setting, _before_ opening the log. So if
EMBPERL_DEBUG is zero, the log file will never get opened and all other
functions will just throw anything you try to write to the logfile away, if
the log file isn't opened.

Gerald

-------------------------------------------------------------
Gerald Richter    ecos electronic communication services gmbh
Internetconnect * Webserver/-design/-datenbanken * Consulting

Post:       Tulpenstrasse 5         D-55276 Dienheim b. Mainz
E-Mail:     [EMAIL PROTECTED]         Voice:    +49 6133 925151
WWW:        http://www.ecos.de      Fax:      +49 6133 925152
-------------------------------------------------------------
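
An added example, not part of the original message and not Embperl's code: a log-open helper that combines the `bDebug == 0` guard discussed above with a refusal to append through a symlink planted at the log path. The names `open_debug_log` and `run_case`, the return codes and the temporary directory layout are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not Embperl code. Returns an open fd, LOG_DISABLED when
 * debug_flags is 0 (nothing is opened), or LOG_REFUSED when the path is unsafe. */
enum { LOG_DISABLED = -1, LOG_REFUSED = -2 };
int open_debug_log(const char *path, unsigned debug_flags)
{
    struct stat st;
    int fd;
    if (debug_flags == 0)
        return LOG_DISABLED;   /* same guard as the OpenLog check quoted above */
    /* O_NOFOLLOW: open() fails if the final path component is a symlink. */
    fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0) return LOG_REFUSED;
    /* Check what was actually opened: regular file, ours, no extra hard links. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || st.st_nlink != 1) {
        close(fd);
        return LOG_REFUSED;
    }
    return fd;
}

/* Constructed scenario in a private temp dir: the log path is absent or, with
 * plant_symlink, a symlink to a victim file. Returns the verdict (0 = logged). */
int run_case(unsigned debug_flags, int plant_symlink, long *victim_size)
{
    char dir[] = "/tmp/logdemoXXXXXX", victim[64], logp[64];
    struct stat st;
    int fd, rc;
    if (!mkdtemp(dir)) return -99;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(logp, sizeof logp, "%s/embperl.log", dir);
    if ((fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600)) < 0) return -99;
    close(fd);
    if (plant_symlink && symlink(victim, logp) != 0) return -99;
    rc = fd = open_debug_log(logp, debug_flags);
    if (fd >= 0) { rc = (write(fd, "log line\n", 9) == 9) ? 0 : -99; close(fd); }
    *victim_size = (stat(victim, &st) == 0) ? (long)st.st_size : -1;
    unlink(logp); unlink(victim); rmdir(dir);
    return rc;
}

int main(void) { long sz = -1; printf("verdict=%d\n", run_case(1, 1, &sz)); return sz != 0; }
```

`O_NOFOLLOW` only covers the final path component, so the directory holding the log should also be one that other local users cannot write to.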
