
Re: Apache 2.x leaked descriptors

From: jon schatz <jon(at)divisionbyzero.com>
Date: Sat Feb 22 2003 - 17:46:59 EST

Steve Grubb wrote:
> It is normal practice for webhosting companies to put multiple clients on

you can do more than that. unless the web server uses suexec, all the cgi's run as the webserver user, who most likely has:

- at least w to all log files for all vhosts (probably r+w)
- at least r on all webhosting directories
- at least r+x on all cgi-bin directories

this is (and has been) a known issue for a while. it has periodically been discussed on the apache mailing lists, and i think it came up on bugtraq recently as well.

-jon

-- 
jon@divisionbyzero.com || www.divisionbyzero.com
gpg key: www.divisionbyzero.com/pubkey.asc
think i have a virus? www.divisionbyzero.com/pgp.html
"You are in a twisty little maze of Sendmail rules, all confusing."
Received on Sun Feb 23 18:49:01 2003
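
Added example, not part of the original post or of Apache: a small audit that reports which paths under a shared-hosting root the web server account can reach through classic mode bits, which is what every CGI inherits when suexec is not in use. The directory layout, file names and the choice of uid are constructed assumptions; ACLs and parent-directory traversal are not evaluated.

```python
import os
import stat
import tempfile

def access_bits(st, uid, gids):
    """rwx string that classic mode bits grant to uid/gids (ACLs are ignored)."""
    if st.st_uid == uid:
        shift = 6          # owner class
    elif st.st_gid in gids:
        shift = 3          # group class
    else:
        shift = 0          # other class
    bits = (st.st_mode >> shift) & 0o7
    return "".join(c if bits & m else "-" for c, m in (("r", 4), ("w", 2), ("x", 1)))

def audit(root, uid, gids=frozenset()):
    """Map each path under root to the access the given account has to it."""
    findings = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink mode bits carry no permissions
            bits = access_bits(st, uid, gids)
            if bits != "---":
                findings[os.path.relpath(path, root)] = bits
    return findings

def build_sample_tree():
    """Constructed layout: two vhosts owned by the current user, standing in for clients."""
    root = tempfile.mkdtemp(prefix="vhost-audit-")
    layout = {"logs/access.log": 0o666, "htdocs/db.conf": 0o644,
              "htdocs/notes.txt": 0o600, "cgi-bin/form.cgi": 0o755}
    for vhost in ("client-a", "client-b"):
        for rel, mode in layout.items():
            path = os.path.join(root, vhost, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
            os.chmod(path, mode)
    return root

if __name__ == "__main__":
    # Assumption: the web server account is some other uid with no shared groups.
    for path, bits in sorted(audit(build_sample_tree(), os.getuid() + 1).items()):
        print(bits, path)
```

Every path listed for the web server uid is reachable by any client's CGI on that host; files that drop out of the report (mode 0600 here) are the ones the shared account cannot touch.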

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:38 EDT

