<p>If you allow non-root users to modify any files that root either
executes or writes on then you open your system to root compromises.
For example, someone could replace the httpd binary so that the next
-time you start it, it will execute some arbitrary code. Or someone
-could overwrite the logs with arbitrary data.
+time you start it, it will execute some arbitrary code. If the logs
+directory is writeable (by a non-root user), someone
+could replace a log file with a symlink to some other system file,
+and then root might overwrite that file with arbitrary data. If the
+log files themselves are writeable (by a non-root user), then someone
+may be able to overwrite the log itself with bogus data.
<P>
<HR>
<H2>Server Side Includes</H2>
<blockquote><code>ErrorLog /dev/null</code></blockquote>
This effectively turns off error logging.<p>
-SECURITY: See the <A HREF="../misc/security_tips.html">security tips</A>
+SECURITY: See the <A HREF="../misc/security_tips.html#serverroot">security tips</A>
document for details on why your security could be compromised if
the directory where logfiles are stored is writable by anyone other
than the user that starts the server.
Apache is compiled with either USE_FCNTL_SERIALIZED_ACCEPT or
USE_FLOCK_SERIALIZED_ACCEPT. This directive should normally be
left at its default value. The main reason for changing it is if
-the <code>logs</code> directory is NFS mounted, since the lockfile
-should be stored on a local disk if possible. The PID of the main
-server process is automatically appended to the filename.
+the <code>logs</code> directory is NFS mounted, since <b>the lockfile
+must be stored on a local disk</b>. The PID of the main
+server process is automatically appended to the filename. <p>
+
+The LockFile is subject to the same warnings about log file placement and
+<a href="../misc/security_tips.html#serverroot">security</a>.
<P><HR>
signal to the process id listed in the PidFile.<p>
The PidFile is subject to the same warnings about log file placement and
-<a href="../misc/security_tips.html">security</a>.
+<a href="../misc/security_tips.html#serverroot">security</a>.
<p><hr>
The ServerRoot directive sets the directory in which the server lives.
Typically it will contain the subdirectories <code>conf/</code> and
<code>logs/</code>. Relative paths for other configuration files are taken
-as relative to this directory.<br>
-See also <a href="../invoking.html">the <code>-d</code> option to httpd</a>.<p><hr>
+as relative to this directory.<p>
+
+See also <a href="../invoking.html">the <code>-d</code> option to httpd</a>.<p>
+See also <a href="../misc/security_tips.html#serverroot">the security tips</a>
+for information on how to properly set permissions on the ServerRoot.<p>
+
+<hr>
<h2><A name="servertype">ServerType directive</A></h2>
<!--%plaintext <?INDEX {\tt ServerType} directive> -->
<h2>Security Considerations</h2>
-See the <A HREF="../misc/security_tips.html">security tips</A> document
-for details on why your security could be compromised if the directory
-where logfiles are stored is writable by anyone other than the user
-that starts the server.
+See the <A HREF="../misc/security_tips.html#security">security tips</A>
+document for details on why your security could be compromised if the
+directory where logfiles are stored is writable by anyone other than
+the user that starts the server.
<p>
<h2>Directives</h2>
projects / thirdparty / apache / httpd.git / commitdiff
