You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Marc Slemko <ma...@znep.com> on 1997/12/22 22:10:57 UTC

[PATCH] remove bogus LockFile warning from docs

None of the issues with placement of the LockFile apply, so the below
warning about the LockFile directive is not necessary.  The only risk is
that someone else could create a file with that name and prevent the
server from starting; well, a lot of files unless they can guess the pid.

Index: core.html
===================================================================
RCS file: /export/home/cvs/apachen/htdocs/manual/mod/core.html,v
retrieving revision 1.87
diff -u -r1.87 core.html
--- core.html	1997/12/14 01:04:56	1.87
+++ core.html	1997/12/22 21:07:52
@@ -1029,9 +1029,6 @@
 must be stored on a local disk</b>.  The PID of the main
 server process is automatically appended to the filename. <p>
 
-The LockFile is subject to the same warnings about log file placement and
-<a href="../misc/security_tips.html#serverroot">security</a>.
-
 <P><HR>
 
 <h2><A name="maxclients">MaxClients directive</A></h2>

Re: [PATCH] remove bogus LockFile warning from docs

Posted by Dean Gaudet <dg...@arctic.org>.

On Mon, 22 Dec 1997, Marc Slemko wrote:

> I really really would suggest that any system which doesn't honor
> O_CREAT|O_EXCL properly is so bogus that it isn't worth thinking about.
> This is far from your only security problem on such a system... the
> problem is that a warnin like what was there directly conflicts with
> advice to "put it in /var/tmp" that we (I) give.

The stuff I'm worried about is what happens with symlinks and
O_CREAT|O_EXCL.  For example:  "ln -s /var/tmp/accept_lock.9999
/etc/nologin".  On a system using flock() this creates a nice DoS.  The
single unix spec doesn't require any symlink tests to be performed. 

Yeah /var/tmp is an easy off-the-cuff answer.  /var/run is probably better
where it exists. 

Dean

Re: [PATCH] remove bogus LockFile warning from docs

Posted by Marc Slemko <ma...@worldgate.com>.

On Mon, 22 Dec 1997, Dean Gaudet wrote:

> Um, sure if you're on a system that does intelligent things with O_CREAT |
> O_EXCL and intervening symlinks.  I don't trust all systems to do that, so
> this warning applies to some folks.  I think just putting a blanket
> warning in there like this is better than us trying to compile/maintain a
> list of systems that do the right thing.

I really really would suggest that any system which doesn't honor
O_CREAT|O_EXCL properly is so bogus that it isn't worth thinking about.
This is far from your only security problem on such a system... the
problem is that a warnin like what was there directly conflicts with
advice to "put it in /var/tmp" that we (I) give.

> 
> DoS alone is a good enough reason for me. 
> 
> Dean
> 
> On Mon, 22 Dec 1997, Marc Slemko wrote:
> 
> > None of the issues with placement of the LockFile apply, so the below
> > warning about the LockFile directive is not necessary.  The only risk is
> > that someone else could create a file with that name and prevent the
> > server from starting; well, a lot of files unless they can guess the pid.
> > 
> > Index: core.html
> > ===================================================================
> > RCS file: /export/home/cvs/apachen/htdocs/manual/mod/core.html,v
> > retrieving revision 1.87
> > diff -u -r1.87 core.html
> > --- core.html	1997/12/14 01:04:56	1.87
> > +++ core.html	1997/12/22 21:07:52
> > @@ -1029,9 +1029,6 @@
> >  must be stored on a local disk</b>.  The PID of the main
> >  server process is automatically appended to the filename. <p>
> >  
> > -The LockFile is subject to the same warnings about log file placement and
> > -<a href="../misc/security_tips.html#serverroot">security</a>.
> > -
> >  <P><HR>
> >  
> >  <h2><A name="maxclients">MaxClients directive</A></h2>
> > 
> > 
>

Re: [PATCH] remove bogus LockFile warning from docs

Posted by Dean Gaudet <dg...@arctic.org>.

Um, sure if you're on a system that does intelligent things with O_CREAT |
O_EXCL and intervening symlinks.  I don't trust all systems to do that, so
this warning applies to some folks.  I think just putting a blanket
warning in there like this is better than us trying to compile/maintain a
list of systems that do the right thing.

DoS alone is a good enough reason for me. 

Dean

On Mon, 22 Dec 1997, Marc Slemko wrote:

> None of the issues with placement of the LockFile apply, so the below
> warning about the LockFile directive is not necessary.  The only risk is
> that someone else could create a file with that name and prevent the
> server from starting; well, a lot of files unless they can guess the pid.
> 
> Index: core.html
> ===================================================================
> RCS file: /export/home/cvs/apachen/htdocs/manual/mod/core.html,v
> retrieving revision 1.87
> diff -u -r1.87 core.html
> --- core.html	1997/12/14 01:04:56	1.87
> +++ core.html	1997/12/22 21:07:52
> @@ -1029,9 +1029,6 @@
>  must be stored on a local disk</b>.  The PID of the main
>  server process is automatically appended to the filename. <p>
>  
> -The LockFile is subject to the same warnings about log file placement and
> -<a href="../misc/security_tips.html#serverroot">security</a>.
> -
>  <P><HR>
>  
>  <h2><A name="maxclients">MaxClients directive</A></h2>
> 
>