[6388] in bugtraq
apache+ssl 1.13 symlink problem
daemon@ATHENA.MIT.EDU (Ondrej Suchy)
Tue Mar 24 13:31:06 1998
Date: Tue, 24 Mar 1998 17:43:21 +0000
Reply-To: Ondrej Suchy <ondrej@EUREXA.CZ>
From: Ondrej Suchy <ondrej@EUREXA.CZ>
To: BUGTRAQ@NETSPACE.ORG
Hi all.
Sorry if this was already mentioned, but ...
Apache SSL server has similar symlink problem as updatedb (and thousands
of others programs).
I don't know about the other versions, but at least ssl 1.13 patch for
apache 1.2.5 contains following line in default configuration:
SSLLogFile /tmp/ssl.log
which makes httpsd log it's activity to that file. Any file can be
linked to /tmp/ssl.log and httpsd will happily append something like
"CIPHER is blah-blah" to it.
I could not make it to root access, but I can't say it's impossible.
(Maybe through .rhosts?)
Note that this problem is not affected by setting the User and Group
directives in the configuration to nobody or other unprivileged user,
since httpd often starts as root, writes to log files and THEN changes
its uid.
(There is probably the same problem with /tmp/ssldebug log file, I
didn't test it.)
Regards
Ondrej
--
--------------------------------------------------------
Ondrej Suchy
--------------------------------------------------------
ondrej.suchy@saltek.cz
http://home.onestop.net/volkifan
--------------------------------------------------------
