Bugtraq mailing list archives
apache+ssl 1.13 symlink problem
From: ondrej () EUREXA CZ (Ondrej Suchy)
Date: Tue, 24 Mar 1998 17:43:21 +0000
Hi all.
Sorry if this was already mentioned, but ...
Apache SSL server has similar symlink problem as updatedb (and thousands
of others programs).
I don't know about the other versions, but at least ssl 1.13 patch for
apache 1.2.5 contains following line in default configuration:
SSLLogFile /tmp/ssl.log
which makes httpsd log it's activity to that file. Any file can be
linked to /tmp/ssl.log and httpsd will happily append something like
"CIPHER is blah-blah" to it.
I could not make it to root access, but I can't say it's impossible.
(Maybe through .rhosts?)
Note that this problem is not affected by setting the User and Group
directives in the configuration to nobody or other unprivileged user,
since httpd often starts as root, writes to log files and THEN changes
its uid.
(There is probably the same problem with /tmp/ssldebug log file, I
didn't test it.)
Regards
Ondrej
--
--------------------------------------------------------
Ondrej Suchy
--------------------------------------------------------
ondrej.suchy () saltek cz
http://home.onestop.net/volkifan
--------------------------------------------------------
Current thread:
- RAS 'save password' problems... Aleph One (Mar 20)
- Re: RAS 'save password' problems... David LeBlanc (Mar 22)
- Way to stop /tmp races Pavel Machek (Mar 21)
- Re: RAS 'save password' problems... martin Dolphin (Mar 23)
- buffer overflow with a twist bjorn smedman (Mar 24)
- ncftp 2.4.3 overflow / su killing Michal Zalewski (Mar 24)
- apache+ssl 1.13 symlink problem Ondrej Suchy (Mar 24)
- <Possible follow-ups>
- Re: RAS 'save password' problems... Noam Ben-Yochanan (Mar 22)
- Re: RAS 'save password' problems... martin Dolphin (Mar 22)
- Re: RAS 'save password' problems... David LeBlanc (Mar 22)