You are viewing a plain text version of this content. The canonical link for it is here.

Posted to apache-bugdb@apache.org by Keith Stevenson <kt...@homer.louisville.edu> on 1997/09/16 00:30:03 UTC

suexec/1138: suExec uses too much privilege to do its logging

>Number:         1138
>Category:       suexec
>Synopsis:       suExec uses too much privilege to do its logging
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    apache (Apache HTTP Project)
>State:          open
>Class:          change-request
>Submitter-Id:   apache
>Arrival-Date:   Mon Sep 15 15:30:03 1997
>Originator:     ktstev01@homer.louisville.edu
>Organization:
apache
>Release:        1.2.0
>Environment:
HP-UX 10.10
Apache compiled with suExec by HP cc compiler
>Description:
suExec logs with root privilege.  This could allow a misconfigured binary to
do some serious damage to the operating system.
>How-To-Repeat:
According to Jason Dour this behavior is by design.
>Fix:
I suggest that suExec fork a sub-process to do the actual logging.
The sub-process should change its uid to be that of the uid running the httpd
before creating/appending to the suExec log file.
I realize that this is more work on the programming side, but it would make
the suExec module safer to run
>Audit-Trail:
>Unformatted: