cvs commit: apachen/htdocs/manual/misc security_tips.html
dgaudet 97/12/13 16:49:20 Modified:htdocs/manual install.html htdocs/manual/misc security_tips.html Removed: htdocs/manual install_1_1.html Log: We talk about a proper installation occasionally... and assume folks know how to set the perms on the serverroot. But I don't think we document it anywhere. Nowhere that's easily found direct from the how to install page. Document it better, link to it. Remove the install_1_1 docs. Update a 1.2 reference to 1.3. Revision ChangesPath 1.18 +4 -5 apachen/htdocs/manual/install.html Index: install.html === RCS file: /export/home/cvs/apachen/htdocs/manual/install.html,v retrieving revision 1.17 retrieving revision 1.18 diff -u -r1.17 -r1.18 --- install.html 1997/11/25 09:47:47 1.17 +++ install.html 1997/12/14 00:49:18 1.18 @@ -14,10 +14,7 @@ !--#include virtual=header.html -- -H1 ALIGN=CENTERCompiling and Installing Apache 1.2/H1 - -PIf you wish to download and install an earlier version of Apache please -read A HREF=install_1_1.htmlCompiling and Installing Apache 1.1/A./P +H1 ALIGN=CENTERCompiling and Installing Apache 1.3/H1 UnixWare users will want to consult A HREF=unixware.htmlbuild notes/A for various UnixWare versions before compiling. @@ -128,7 +125,9 @@ designed to be configured and run from the same set of directories where it is compiled. If you want to run it from somewhere else, make a directory and copy the CODEconf/CODE, CODElogs/CODE and -CODEicons/CODE directories into it. P +CODEicons/CODE directories into it. In either case you should +read the a href=misc/security_tips.html#serverrootsecurity tips/a +describing how to set the permissions on the server root directory.P The next step is to edit the configuration files for the server. This consists of setting up various Bdirectives/B in up to three 1.11 +42 -10apachen/htdocs/manual/misc/security_tips.html Index: security_tips.html === RCS file: /export/home/cvs/apachen/htdocs/manual/misc/security_tips.html,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- security_tips.html1997/07/06 17:19:07 1.10 +++ security_tips.html1997/12/14 00:49:19 1.11 @@ -22,16 +22,48 @@ HR -H2Permissions on Log File Directories/H2 -PWhen Apache starts, it opens the log files as the user who started the -server before switching to the user defined in the -a href=../mod/core.html#userbUser/b/a directive. Anyone who -has write permission for the directory where any log files are -being written to can append pseudo-arbitrary data to any file on the -system which is writable by the user who starts Apache. Since the -server is normally started by root, you should EMNOT/EM give anyone -write permission to the directory where logs are stored unless you -want them to have root access. +a name=serverroot +H2Permissions on ServerRoot Directories/H2/a +PIn typical operation, Apache is started by the root +user, and it switches to the user defined by the a +href=../mod/core.html#userbUser/b/a directive to serve hits. +As is the case with any command that root executes, you must take care +that it is protected from modification by non-root users. Not only +must the files themselves be writeable only by root, but so must the +directories, and parents of all directories. For example, if you +choose to place ServerRoot in code/usr/local/apache/code then it is +suggested that you create that directory as root, with commands +like these: + +blockquotepre +mkdir /usr/local/apache +cd /usr/local/apache +mkdir bin conf logs +chown 0 . bin conf logs +chgrp 0 . bin conf logs +chmod 755 . bin conf logs +/pre/blockquote + +It is assumed that /, /usr, and /usr/local are only modifiable by root. +When you install the httpd executable, you should ensure that it is +similarly protected: + +blockquotepre +cp httpd /usr/local/apache/bin +chown 0 /usr/local/apache/bin/httpd +chgrp 0 /usr/local/apache/bin/httpd +chmod 511 /usr/local/apache/bin/httpd +/pre/blockquote + +pYou can create an htdocs subdirectory which is modifiable by other +users -- since root never executes any files out of there, and shouldn't +be creating files in there. + +pIf you allow non-root users to modify any files that root either +executes or writes on then you open your system to root compromises. +For example, someone could replace the httpd binary so that the next +time you start it, it will execute some arbitrary code. Or someone +could overwrite the logs with arbitrary data. P HR H2Server Side Includes/H2
cvs commit: apachen/htdocs/manual/mod core.html mod_log_config.html
dgaudet 97/12/13 16:57:47
Modified:htdocs/manual/misc security_tips.html
htdocs/manual/mod core.html mod_log_config.html
Log:
More tweaks related to serverroot/logs/etc.
Revision ChangesPath
1.12 +6 -2 apachen/htdocs/manual/misc/security_tips.html
Index: security_tips.html
===
RCS file: /export/home/cvs/apachen/htdocs/manual/misc/security_tips.html,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- security_tips.html1997/12/14 00:49:19 1.11
+++ security_tips.html1997/12/14 00:57:44 1.12
@@ -62,8 +62,12 @@
pIf you allow non-root users to modify any files that root either
executes or writes on then you open your system to root compromises.
For example, someone could replace the httpd binary so that the next
-time you start it, it will execute some arbitrary code. Or someone
-could overwrite the logs with arbitrary data.
+time you start it, it will execute some arbitrary code. If the logs
+directory is writeable (by a non-root user), someone
+could replace a log file with a symlink to some other system file,
+and then root might overwrite that file with arbitrary data. If the
+log files themselves are writeable (by a non-root user), then someone
+may be able to overwrite the log itself with bogus data.
P
HR
H2Server Side Includes/H2
1.86 +15 -7 apachen/htdocs/manual/mod/core.html
Index: core.html
===
RCS file: /export/home/cvs/apachen/htdocs/manual/mod/core.html,v
retrieving revision 1.85
retrieving revision 1.86
diff -u -r1.85 -r1.86
--- core.html 1997/11/15 00:16:48 1.85
+++ core.html 1997/12/14 00:57:45 1.86
@@ -570,7 +570,7 @@
blockquotecodeErrorLog /dev/null/code/blockquote
This effectively turns off error logging.p
-SECURITY: See the A HREF=../misc/security_tips.htmlsecurity tips/A
+SECURITY: See the A HREF=../misc/security_tips.html#serverrootsecurity
tips/A
document for details on why your security could be compromised if
the directory where logfiles are stored is writable by anyone other
than the user that starts the server.
@@ -1025,9 +1025,12 @@
Apache is compiled with either USE_FCNTL_SERIALIZED_ACCEPT or
USE_FLOCK_SERIALIZED_ACCEPT. This directive should normally be
left at its default value. The main reason for changing it is if
-the codelogs/code directory is NFS mounted, since the lockfile
-should be stored on a local disk if possible. The PID of the main
-server process is automatically appended to the filename.
+the codelogs/code directory is NFS mounted, since bthe lockfile
+must be stored on a local disk/b. The PID of the main
+server process is automatically appended to the filename. p
+
+The LockFile is subject to the same warnings about log file placement and
+a href=../misc/security_tips.html#serverrootsecurity/a.
PHR
@@ -1245,7 +1248,7 @@
signal to the process id listed in the PidFile.p
The PidFile is subject to the same warnings about log file placement and
-a href=../misc/security_tips.htmlsecurity/a.
+a href=../misc/security_tips.html#serverrootsecurity/a.
phr
@@ -1569,8 +1572,13 @@
The ServerRoot directive sets the directory in which the server lives.
Typically it will contain the subdirectories codeconf//code and
codelogs//code. Relative paths for other configuration files are taken
-as relative to this directory.br
-See also a href=../invoking.htmlthe code-d/code option to
httpd/a.phr
+as relative to this directory.p
+
+See also a href=../invoking.htmlthe code-d/code option to
httpd/a.p
+See also a href=../misc/security_tips.html#serverrootthe security
tips/a
+for information on how to properly set permissions on the ServerRoot.p
+
+hr
h2A name=servertypeServerType directive/A/h2
!--%plaintext lt;?INDEX {\tt ServerType} directivegt; --
1.20 +4 -4 apachen/htdocs/manual/mod/mod_log_config.html
Index: mod_log_config.html
===
RCS file: /export/home/cvs/apachen/htdocs/manual/mod/mod_log_config.html,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -r1.19 -r1.20
--- mod_log_config.html 1997/09/12 14:50:47 1.19
+++ mod_log_config.html 1997/12/14 00:57:46 1.20
@@ -173,10 +173,10 @@
h2Security Considerations/h2
-See the A HREF=../misc/security_tips.htmlsecurity tips/A document
-for details on why your security could be compromised if the directory
-where logfiles are stored is writable by anyone other than the user
-that starts the server.
+See the A HREF=../misc/security_tips.html#securitysecurity tips/A
+document for details on why your security could be
cvs commit: apachen/htdocs/manual/mod core.html
dgaudet 97/12/13 17:04:57 Modified:htdocs/manual/mod core.html Log: The port documentation was a little unclear on its overlap with the Listen directive. PR: 975 Revision ChangesPath 1.87 +3 -1 apachen/htdocs/manual/mod/core.html Index: core.html === RCS file: /export/home/cvs/apachen/htdocs/manual/mod/core.html,v retrieving revision 1.86 retrieving revision 1.87 diff -u -r1.86 -r1.87 --- core.html 1997/12/14 00:57:45 1.86 +++ core.html 1997/12/14 01:04:56 1.87 @@ -1272,7 +1272,9 @@ li In the absence of any a href=#listenListen/a or a href=#bindaddressBindAddress/a directives specifying a port number, -the Port directive sets the network port on which the server listens. +a Port directive given in the main server +(i.e. outside any a href=#virtualhostlt;VirtualHostgt/a section) +sets the network port on which the server listens. If there are any Listen or BindAddress directives specifying code:number/code then Port has no effect on what address the server listens at.
cvs commit: apachen/htdocs/manual/mod mod_access.html
dgaudet 97/12/13 17:07:38 Modified:htdocs/manual/mod mod_access.html Log: Note that the CIDR syntaxes are for 1.3 and later. PR: 1534 Revision ChangesPath 1.11 +4 -4 apachen/htdocs/manual/mod/mod_access.html Index: mod_access.html === RCS file: /export/home/cvs/apachen/htdocs/manual/mod/mod_access.html,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- mod_access.html 1997/07/30 18:41:47 1.10 +++ mod_access.html 1997/12/14 01:07:37 1.11 @@ -53,10 +53,10 @@ ddAn IP address of a host allowed access dtA partial IP address ddThe first 1 to 3 bytes of an IP address, for subnet restriction. -dtA network/netmask pair +dtA network/netmask pair (bApache 1.3 and later/b) ddA network a.b.c.d, and a netmask w.x.y.z. For more fine-grained subnet restriction. (i.e. 10.1.0.0/255.255.0.0) -dtA network/nnn CIDR specification +dtA network/nnn CIDR specification (bApache 1.3 and later/b) ddSimilar to the previous case, except the netmask consists of nnn high-order 1 bits. (i.e. 10.1.0.0/16 is the same as 10.1.0.0/255.255.0.0) /dl @@ -127,10 +127,10 @@ ddAn IP address of a host denied access dtA partial IP address ddThe first 1 to 3 bytes of an IP address, for subnet restriction. -dtA network/netmask pair +dtA network/netmask pair (bApache 1.3 and later/b) ddA network a.b.c.d, and a netmask w.x.y.z. For more fine-grained subnet restriction. (i.e. 10.1.0.0/255.255.0.0) -dtA network/nnn CIDR specification +dtA network/nnn CIDR specification (bApache 1.3 and later/b) ddSimilar to the previous case, except the netmask consists of nnn high-order 1 bits. (i.e. 10.1.0.0/16 is the same as 10.1.0.0/255.255.0.0) /dl
cvs commit: apache-site in_the_news.html
brian 97/12/13 18:59:43 Modified:.in_the_news.html Log: add blurb from SJ Merc. Revision ChangesPath 1.20 +12 -0 apache-site/in_the_news.html Index: in_the_news.html === RCS file: /export/home/cvs/apache-site/in_the_news.html,v retrieving revision 1.19 retrieving revision 1.20 diff -u -r1.19 -r1.20 --- in_the_news.html 1997/12/01 21:37:23 1.19 +++ in_the_news.html 1997/12/14 02:59:42 1.20 @@ -20,6 +20,18 @@ hr P +strongSan Jose Mercury News, December 12th 1997/strong +A HREF=http://www1.sjmercury.com/columnists/gillmor/docs/dg121297.htm; +strongciteThere's money to be made in freeware/cite/strong/a +br +blockquote + If some cosmic force caused all of the free software at work on + today's Internet to suddenly stop running, major portions of the Net + would come to a grinding halt -- because free software, sometimes + called freeware, is at the heart of the action. +/blockquote + +P strongBYTE Magazine, December 1997 issue/strong A href=http://www.byte.com/art/9712/sec8/art1.htm; strongciteThe Value of Free Software/cite/strong/a
cvs commit: apache-site related_projects.html
brian 97/12/13 19:13:04 Modified:.related_projects.html Log: Fixed named of Java-Apache project Revision ChangesPath 1.13 +1 -1 apache-site/related_projects.html Index: related_projects.html === RCS file: /export/home/cvs/apache-site/related_projects.html,v retrieving revision 1.12 retrieving revision 1.13 diff -u -r1.12 -r1.13 --- related_projects.html 1997/12/03 07:28:03 1.12 +++ related_projects.html 1997/12/14 03:13:04 1.13 @@ -153,7 +153,7 @@ BLOCKQUOTE For more information check out the A HREF=http://java.apache.org/; -JSDK/Apache/A site. +Java-Apache/A site. /BLOCKQUOTE HR
cvs commit: apachen/src/modules/standard mod_status.c
ben 97/12/14 06:26:13 Modified:src CHANGES src/modules/standard mod_status.c Log: Correct header for Win32. Revision ChangesPath 1.526 +2 -0 apachen/src/CHANGES Index: CHANGES === RCS file: /export/home/cvs/apachen/src/CHANGES,v retrieving revision 1.525 retrieving revision 1.526 diff -u -r1.525 -r1.526 --- CHANGES 1997/12/12 08:09:17 1.525 +++ CHANGES 1997/12/14 14:26:11 1.526 @@ -1,5 +1,7 @@ Changes with Apache 1.3b4 + *) WIN32: mod_status display header didn't match fields. [Ben Laurie] + *) The pthread_mutex_* functions return an error code, and don't set errno. [Igor Tatarinov [EMAIL PROTECTED]] 1.67 +1 -1 apachen/src/modules/standard/mod_status.c Index: mod_status.c === RCS file: /export/home/cvs/apachen/src/modules/standard/mod_status.c,v retrieving revision 1.66 retrieving revision 1.67 diff -u -r1.66 -r1.67 --- mod_status.c 1997/10/22 20:30:30 1.66 +++ mod_status.c 1997/12/14 14:26:13 1.67 @@ -429,7 +429,7 @@ if (no_table_report) rputs(phrh2Server Details/h2\n\n, r); else -#ifdef __EMX__ +#ifdef NO_TIMES /* Allow for OS/2 not having CPU stats */ rputs(p\n\ntable border=0trthSrvthPIDthAccthM\nthSSthReqthConnthChildthSlotthHostthVHostthRequest/tr\n\n, r); #else
cvs commit: apachen/src/main http_config.c
ben 97/12/14 06:39:38 Modified:src CHANGES src/main http_config.c Log: Make set_file_slot() use os_is_path_absolute(). PR: 1511 Revision ChangesPath 1.527 +3 -0 apachen/src/CHANGES Index: CHANGES === RCS file: /export/home/cvs/apachen/src/CHANGES,v retrieving revision 1.526 retrieving revision 1.527 diff -u -r1.526 -r1.527 --- CHANGES 1997/12/14 14:26:11 1.526 +++ CHANGES 1997/12/14 14:39:35 1.527 @@ -1,5 +1,8 @@ Changes with Apache 1.3b4 + *) WIN32: set_file_slot() didn't detect absolute paths. [Ben Laurie] + PR#1511 + *) WIN32: mod_status display header didn't match fields. [Ben Laurie] *) The pthread_mutex_* functions return an error code, and don't 1.88 +1 -1 apachen/src/main/http_config.c Index: http_config.c === RCS file: /export/home/cvs/apachen/src/main/http_config.c,v retrieving revision 1.87 retrieving revision 1.88 diff -u -r1.87 -r1.88 --- http_config.c 1997/11/29 05:51:52 1.87 +++ http_config.c 1997/12/14 14:39:37 1.88 @@ -877,7 +877,7 @@ so the server can be moved or mirrored with less pain. */ char *p; int offset = (int) cmd-info; -if (*arg == '/') +if (os_is_path_absolute(arg)) p = pstrdup(cmd-pool, arg); else p = make_full_path(cmd-pool, server_root, arg);
cvs commit: apachen/src/os/win32 util_win32.c
ben 97/12/14 06:53:48
Modified:src CHANGES
src/os/win32 util_win32.c
Log:
Fix buffer overflow problem.
PR: 1378
Submitted by: [EMAIL PROTECTED]
Reviewed by: Ben Laurie
Revision ChangesPath
1.528 +5 -1 apachen/src/CHANGES
Index: CHANGES
===
RCS file: /export/home/cvs/apachen/src/CHANGES,v
retrieving revision 1.527
retrieving revision 1.528
diff -u -r1.527 -r1.528
--- CHANGES 1997/12/14 14:39:35 1.527
+++ CHANGES 1997/12/14 14:53:45 1.528
@@ -1,7 +1,10 @@
Changes with Apache 1.3b4
+ *) WIN32: avoid overflows during file canonicalisations.
+ [EMAIL PROTECTED] #PR1378
+
*) WIN32: set_file_slot() didn't detect absolute paths. [Ben Laurie]
- PR#1511
+ PR#1511, 1508
*) WIN32: mod_status display header didn't match fields. [Ben Laurie]
@@ -23,6 +26,7 @@
[Ben Hyde] PR#1387
*) WIN32: Only lowercase the part of the path that is real. [Ben Laurie]
+ PR#1505
*) Fix problems with timeouts in inetd mode and -X mode. [Dean Gaudet]
1.6 +2 -2 apachen/src/os/win32/util_win32.c
Index: util_win32.c
===
RCS file: /export/home/cvs/apachen/src/os/win32/util_win32.c,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- util_win32.c 1997/11/27 14:32:40 1.5
+++ util_win32.c 1997/12/14 14:53:47 1.6
@@ -7,7 +7,7 @@
static void sub_canonical_filename(char *szCanon, const char *szFile)
{
-char buf[_MAX_PATH];
+char buf[HUGE_STRING_LEN];
int n;
char *szFilePart;
WIN32_FIND_DATA d;
@@ -56,7 +56,7 @@
API_EXPORT(char *) os_canonical_filename(pool *pPool, const char *szFile)
{
-char buf[_MAX_PATH];
+char buf[HUGE_STRING_LEN];
sub_canonical_filename(buf, szFile);
return pstrdup(pPool, buf);
cvs commit: apachen/src/os/win32 .cvsignore
ben 97/12/14 07:13:26 Modified:src/os/win32 .cvsignore Log: Get up to date. Revision ChangesPath 1.5 +2 -0 apachen/src/os/win32/.cvsignore Index: .cvsignore === RCS file: /export/home/cvs/apachen/src/os/win32/.cvsignore,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- .cvsignore1997/08/17 13:03:31 1.4 +++ .cvsignore1997/12/14 15:13:26 1.5 @@ -21,3 +21,5 @@ ApacheModuleStatusR ApacheModuleUserTrackD ApacheModuleUserTrackR +ApacheOSR +ApacheOSD
cvs commit: apachen/src/modules/standard mod_alias.c
dgaudet 97/12/14 12:48:56
Modified:src/main alloc.c
src/modules/standard mod_alias.c
Log:
Fix a SIGSEGV for RedirectMatch gone /. Fix a slight incompatibility
introduced into pstrcat in rev 1.42.
PR: 1319
Reviewed by: Ben Laurie, Martin Kraemer
Revision ChangesPath
1.61 +1 -3 apachen/src/main/alloc.c
Index: alloc.c
===
RCS file: /export/home/cvs/apachen/src/main/alloc.c,v
retrieving revision 1.60
retrieving revision 1.61
diff -u -r1.60 -r1.61
--- alloc.c 1997/12/07 21:33:18 1.60
+++ alloc.c 1997/12/14 20:48:54 1.61
@@ -553,11 +553,9 @@
/* Allocate the required string */
-if (len == 0) {
- return NULL;
-}
res = (char *) palloc(a, len + 1);
cp = res;
+*cp = '\0';
/* Pass two --- copy the argument strings into the result space */
1.27 +10 -4 apachen/src/modules/standard/mod_alias.c
Index: mod_alias.c
===
RCS file: /export/home/cvs/apachen/src/modules/standard/mod_alias.c,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -r1.26 -r1.27
--- mod_alias.c 1997/10/22 20:30:13 1.26
+++ mod_alias.c 1997/12/14 20:48:55 1.27
@@ -297,10 +297,16 @@
if (p-regexp) {
if (!regexec(p-regexp, r-uri, p-regexp-re_nsub + 1, regm, 0)) {
- found = pregsub(r-pool, p-real, r-uri,
- p-regexp-re_nsub + 1, regm);
- if (found doesc) {
- found = escape_uri(r-pool, found);
+ if (p-real) {
+ found = pregsub(r-pool, p-real, r-uri,
+ p-regexp-re_nsub + 1, regm);
+ if (found doesc) {
+ found = escape_uri(r-pool, found);
+ }
+ }
+ else {
+ /* need something non-null */
+ found = pstrdup(r-pool, );
}
}
}
