Re: Re: Re: [PHP] Re: php security books


 



Andrew Hutchings wrote:
> In article <468BE67E.5050504@xxxxxxxxxxxxx>
> jochem@xxxxxxxxxxxxx(Jochem Maas) wrote:
> 
>>  > OK, well, for example page 3 of the book suggests making PHP
>>  > output errors into Apache's error_log.  To do this on Linux it
>>  > means PHP would have to be run as root.
>>  
>>  huh? funny thing is that on all the machines I work with Apache
>> runs under its own user (apart from at start up when it briefly runs
>> as root before switching), I run php as an Apache module (I'm
>> assuming we're not talking about php cli given that we're mentioning
>> Apache), this means php is running in the context of the apache
>> user.... and btw is quite capable of logging to the Apache error_log
> 
> Exactly, the initial process runs as root, and this is the process
> that does the logging, it would be another security issue to have your
> logs set as apache's owner.  PHP is run as apache's user (unless you
> use something like suPHP) so if you use PHP's error handler function (not
> the thing that sends data to the error logs) to write to apache's logs
> they would either have to be owned by apache or php would have to run
> as root.

ok - I didn't realise the logging occurs under a root user process,
I checked and can confirm that you are correct in that respect.

I would assume though that Chris was referring to the use of error_log()
which would mean php doesn't need any direct access to the log file - the
'log error' request is handed off to apache (which I'll assume securely
manages to hand the request off to the root process that performs the
actual write). therefore using error_log(), at least, doesn't pose a
direct threat (a flaw may exist at the apache level but that is not
something php can do much about - and as such any apache module would
suffer from the same problem).

If Chris did mean that one could/should write to apache's error_log()
manually (i.e. not via error_log()) then I think that would constitute
an incorrect advisement - giving read/write access to a webprocess for
a file that should be accessible only by root doesn't seem right :-).

Maybe Chris picks this thread up and offers some clarity on the matter,
I'm sure he'd be the first to admit a mistake and take on board new/improved
procedures.

To give him credit it's probably quite tough to be one of only a very few
'php security' guys ... everything he says is taken apart with
a fine toothcomb and being a kind of 'frontman' he takes all the flack,
such is life.

> You are entitled to your opinions, and I am entitled to mine.  If you

ai.

> believe I am spreading FUD, so be it.  

okay, FUD might have been too strong a word - it puts you in the same league as
Steve Ballmer and that's probably not fair at all :-)

> But that example _is_ a
> security flaw.

<tangent>
the greatest flaw regarding security is to assume that it exists at all
... those who understand this won't need to comment, those that don't please
forget I said anything. :-)
</tangent>

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
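
The ownership question debated in this thread can be checked directly on a server. The following is an added example, not part of the original message or of any project mentioned in it: a Python audit that reports whether the web server's user could write to the error log or to the directory holding it. The uid/gid 48 and the sample modes are constructed values; `audit_path` takes whatever path and ids the caller supplies.

```python
import os
import stat
from collections import namedtuple

# Minimal stand-in for the os.stat() fields the check needs.
Meta = namedtuple("Meta", "uid gid mode")

def writable_by(meta, uid, gids):
    """Return why `uid` (member of `gids`) can write to `meta`, or None."""
    if uid == 0:
        return "root"
    if meta.uid == uid:
        # The owner can write, or can chmod the file to make it writable.
        return "owner"
    if meta.gid in gids:
        # POSIX uses only the group bits once the group matches.
        return "group-writable" if meta.mode & stat.S_IWGRP else None
    return "world-writable" if meta.mode & stat.S_IWOTH else None

def audit_log(log_meta, dir_meta, web_uid, web_gids):
    """List the ways the web server user could alter the error log."""
    findings = []
    reason = writable_by(log_meta, web_uid, web_gids)
    if reason:
        findings.append("log file: " + reason)
    # Directory write access is reported too: it governs creating
    # and renaming the entries inside it, the log included.
    reason = writable_by(dir_meta, web_uid, web_gids)
    if reason:
        findings.append("log directory: " + reason)
    return findings

def audit_path(path, web_uid, web_gids):
    """Run the same check against a real log file on disk."""
    def meta(p):
        st = os.stat(p)
        return Meta(st.st_uid, st.st_gid, st.st_mode)
    parent = os.path.dirname(os.path.abspath(path))
    return audit_log(meta(path), meta(parent), web_uid, web_gids)

if __name__ == "__main__":
    # Constructed sample values: uid/gid 48 stands in for the apache user.
    web_uid, web_gids = 48, {48}
    root_dir = Meta(0, 0, 0o40755)
    # Root-owned log, as described in the thread: no findings.
    print(audit_log(Meta(0, 0, 0o100644), root_dir, web_uid, web_gids))
    # Log chowned to the apache user so PHP can write it directly.
    print(audit_log(Meta(48, 48, 0o100644), root_dir, web_uid, web_gids))
```

An empty list corresponds to the layout where only the root parent process writes the log and PHP reaches it through `error_log()`.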

