Hi all. Sorry if this was already mentioned, but ... Apache SSL server has similar symlink problem as updatedb (and thousands of others programs). I don't know about the other versions, but at least ssl 1.13 patch for apache 1.2.5 contains following line in default configuration: SSLLogFile /tmp/ssl.log which makes httpsd log it's activity to that file. Any file can be linked to /tmp/ssl.log and httpsd will happily append something like "CIPHER is blah-blah" to it. I could not make it to root access, but I can't say it's impossible. (Maybe through .rhosts?) Note that this problem is not affected by setting the User and Group directives in the configuration to nobody or other unprivileged user, since httpd often starts as root, writes to log files and THEN changes its uid. (There is probably the same problem with /tmp/ssldebug log file, I didn't test it.) Regards Ondrej -- -------------------------------------------------------- Ondrej Suchy -------------------------------------------------------- ondrej.suchyat_private http://home.onestop.net/volkifan --------------------------------------------------------
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:46:59 PDT