- Original Message -
> Hi Igor,
>
> I think you are wrong.
>
> I wrote this simple program that does what I suggested:
> #include
> #include
> #include
>
> int main(int argc, char** argv){
>
> uid_t low_uid = 1000;
> uid_t high_uid = getuid();
>
> seteuid(low_uid); // drop privilege
>
Hi Igor,
I think you are wrong.
I wrote this simple program that does what I suggested:
#include
#include
#include
int main(int argc, char** argv){
uid_t low_uid = 1000;
uid_t high_uid = getuid();
seteuid(low_uid); // drop privilege
const char* fileName="test.txt";
FILE* file = fopen(fileNa
- Original Message -
> >
> > What would it do when the file already exists and is owned by root?
> > :)
> >
> >
> > It is hard to distinguish between "file owned by root, but we
> > should
> > append to it" and "file owned by root and the admin made a mistake
> > in
> > the conf file".
> AFAIK, this solves the issue I raised. If I miss any
> point, please let me know.
Your procedure leaves the logfile deletable by the unprivileged
apache user since they were able to write to the directory to create
it.
-
The o
- Original Message -
> Hi Tom,
>
>
> thanks for the answer. It makes perfect sense.
>
>
> The solution I thought about is a bit more complex. I did not go
> through the Apache code, so below is just a sketch.
>
>
> seteuid(${APACHE_RUN_USER}); //drop privileges
> open(${ErrorLog}); //open
>
> What would it do when the file already exists and is owned by root? :)
>
>
> It is hard to distinguish between "file owned by root, but we should
> append to it" and "file owned by root and the admin made a mistake in
> the conf file". The former is the usual case when starting a server
> wi
On Thu, Nov 24, 2011 at 5:03 PM, Silviu Andrica
wrote:
> Hi Tom,
> thanks for the answer. It makes perfect sense.
> The solution I thought about is a bit more complex. I did not go through the
> Apache code, so below is just a sketch.
> seteuid(${APACHE_RUN_USER}); //drop privileges
> open(${Error
Hi Tom,
thanks for the answer. It makes perfect sense.
The solution I thought about is a bit more complex. I did not go through the
Apache code, so below is just a sketch.
seteuid(${APACHE_RUN_USER}); //drop privileges
open(${ErrorLog}); //open file
seteuid(0); // get back root privileges
chown
On Thu, Nov 24, 2011 at 3:53 PM, silviu andrica
wrote:
> Hi,
>
> I noticed that in Apache/2.2.20 (Ubuntu), the ErrorLog is opened as root,
> although the User is set to ${APACHE_RUN_USER}.
> My concern is that if I make a mistake in ErrorLog, then I can damage any
> file on my system because of a
Hi,
I noticed that in Apache/2.2.20 (Ubuntu), the ErrorLog is opened as root,
although the User is set to ${APACHE_RUN_USER}.
My concern is that if I make a mistake in ErrorLog, then I can damage any
file on my system because of a stupid copy-paste error.
I was wondering what is the reason Apache