Re: Apache 2.2.6 weird security issue


 



William A. Rowe, Jr. wrote:
> Ruslan Sivak wrote:
>> I just upgraded from Apache 2.2.0 to 2.2.6 using the binaries from apachelounge.com. After I put in the new binaries (keeping my config), it refused to start up due to a security failure (no further information was in the logs). After running Process Monitor, it looks like it was failing at the following place:
>>
>> Desired Access: Read Data/List Directory, Execute/Traverse, Read Desired Access: Execute/Traverse, Synchronize
>>
>> Apache runs under the limited user "apache" and has read only access to the bin directory. Why is it trying to CreateFile there? (after giving it full access to that directory, things now work, but I would prefer to not give it access it doesn't need).
>
> Ignore "CreateFile", that means different things. Apache needs to be able
> to /see/ its own files, and your permissions don't allow it. It needs to load .dll's - so it needs execute access to the contents of bin/ and /modules and traverse/read directory access throughout the filesystem to the program
> and to the files that you will serve.
>
> E.g. your parent directory can't be traverse/no read, because if it can't
> see the attributes or files, it can't decide if you had really intended
> to serve Progra~1/... or Program Files/...


Actually ignore this post. What had happened was that I had the proper permissions on the folder, but when I dragged the files over from the rar archive, I guess it extracted them to the temp folder, and then moved them to the current folder, which didn't set the proper permissions. Once I told it to reapply the permissions, setting just read/execute on that folder for that user worked.

Russ
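
A way to check for the situation described in the message above (files moved into bin/ keeping the ACL they had in the extraction folder instead of inheriting the destination's), as an added example that is not part of the original thread. The install path is an assumed placeholder, and only ACEs that name the account directly are examined, so rights that come from group membership or are removed by Deny entries are not reflected.

```powershell
# Added example, not from the thread. Defaults are assumptions: adjust before use.
param(
    [string]$ApacheRoot = 'C:\Apache2',   # assumed install path (the thread does not give one)
    [string]$Account    = 'apache',       # the limited service account named in the thread
    [switch]$Repair                       # without this switch the script only reports
)

$needed  = [int][System.Security.AccessControl.FileSystemRights]::ReadAndExecute
$pattern = "(^|\\)$([regex]::Escape($Account))$"   # matches 'apache' or 'HOST\apache'

$report = foreach ($dir in 'bin', 'modules') {
    $root  = Join-Path $ApacheRoot $dir
    $items = @(Get-Item -LiteralPath $root) + @(Get-ChildItem -LiteralPath $root -Recurse -Force)
    foreach ($item in $items) {
        $acl     = Get-Acl -LiteralPath $item.FullName
        $granted = 0
        foreach ($ace in $acl.Access) {
            # Accumulate the rights of every Allow ACE that names the service account
            if ($ace.AccessControlType -eq 'Allow' -and $ace.IdentityReference.Value -match $pattern) {
                $granted = $granted -bor [int]$ace.FileSystemRights
            }
        }
        [pscustomobject]@{
            Path         = $item.FullName
            # False here is typical of a file moved in from another folder on the same volume
            HasInherited = [bool]($acl.Access | Where-Object { $_.IsInherited })
            AccountHasRX = (($granted -band $needed) -eq $needed)
        }
    }
}

$bad = @($report | Where-Object { -not $_.AccountHasRX })
$bad | Format-Table -AutoSize
"{0} of {1} items lack Read & Execute for '{2}'" -f $bad.Count, @($report).Count, $Account

if ($Repair -and $bad.Count -gt 0) {
    foreach ($dir in 'bin', 'modules') {
        $root = Join-Path $ApacheRoot $dir
        # Grant read/execute on the folder, inheritable by files (OI) and subfolders (CI) ...
        icacls $root /grant "${Account}:(OI)(CI)RX"
        # ... then replace each child's ACL with the inherited default so the grant applies
        icacls "$root\*" /reset /T /C
    }
}
```

Run it without `-Repair` first to see which files are affected; the repair step needs an elevated prompt and leaves the account with read/execute only, not the full access used as a workaround earlier in the thread.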




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.

