Re: [users@httpd] suEXEC verbosity

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Joshua Slive wrote:
> Those messages are generated within suexec and since suexec is not
> run-time configurable (for security reasons) they are not
> configurable.  You would need to edit the source code and recompile
> (being careful to heed the warnings about not messing with suexec
> unless you know what you are doing).
> 
> Joshua.

Ok, that's what I did. Inside suexec.c, I just commented the following code:

log_no_err("uid: (%s/%s) gid: (%s/%s) cmd: %s\n",
           target_uname, actual_uname,
           target_gname, actual_gname,
           cmd);

and:

if ((~AP_SUEXEC_UMASK) & 0022) {
    log_err("notice: AP_SUEXEC_UMASK of %03o allows "
             "write permission to group and/or other\n", AP_SUEXEC_UMASK);
   }

While the second one can be safe to delete (it's just a notice about the
umask, since I use the umask setting I don't want to be noticed in
regard of that), the first one may possibly cause some problems, since
the comment above it states:

    /*
     * Log the transaction here to be sure we have an open log
     * before we setuid().
     */

What it concerns me is: if I delete the logging of the transactions,
will suEXEC be able to open the log file if any other error happens?



Regards,

-- 
Fabio Corazza - Engineering
NewBay Software, Ltd.
Wilson House, Fenian Street, Dublin 2, Ireland
Phone: +353 1 634 5490 - e-mail: fabio@xxxxxxxxxx

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux