apache+ssl 1.13 symlink problem

From: Ondrej Suchy (ondrejat_private)
Date: Tue Mar 24 1998 - 09:43:21 PST


    Hi all.
    Sorry if this was already mentioned, but ...
    
    Apache SSL server has a similar symlink problem to updatedb (and thousands
    of other programs).
    I don't know about the other versions, but at least the ssl 1.13 patch for
    apache 1.2.5 contains the following line in the default configuration:
      SSLLogFile   /tmp/ssl.log
    which makes httpsd log its activity to that file. Any file can be
    linked to /tmp/ssl.log and httpsd will happily append something like
    "CIPHER is blah-blah" to it.
    I could not make it to root access, but I can't say it's impossible.
    (Maybe through .rhosts?)
    
    Note that this problem is not affected by setting the User and Group
    directives in the configuration to nobody or other unprivileged user,
    since httpd often starts as root, writes to log files and THEN changes
    its uid.
    
    (There is probably the same problem with /tmp/ssldebug log file, I
    didn't test it.)
    
    
    Regards
    
        Ondrej
    
    
    --
    
    --------------------------------------------------------
    Ondrej Suchy
    --------------------------------------------------------
    ondrej.suchyat_private
    http://home.onestop.net/volkifan
    --------------------------------------------------------
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:46:59 PDT