UN*X filesystem && bezpecnost

[Libor Pechacek]

Pri procitani manualu Apache jsem narazil na 'Security Tips'.  Hned prvni
sekce, zovouci se 'Permissions on Log File Directories' me zaujala.

Pise se tam:
When Apache starts, it opens the log files as the user who started the
server before switching to the user defined in the User directive. Anyone
who has write permission for the directory where any log files are being
written to can append pseudo-arbitrary data to any file on the system
which is writable to the user who starts Apache. Since the server is
normally started by root, you should NOT give anyone write permission to
the directory where logs are stored unless you want them to have root
access.

Nemam zadny napad, jak to muze fungovat.  Tim, ze si vytvorim soubor v
adresari, nebo tam nejaky znicim (odlinkuju), nemuzu spachat to, co je v
predchozim textu popsano.

Jedine co me napada je, ze si ve svym $HOME (ci jinde, kde muzu) stvorim
hardlink na nektery z logu, log znicim a mam k dispozici inode s uid 0.
To mi ale nezajisti, abych si tam mohl neco hezkyho (kod shellu) zapsat.

Ten kod by se tam dal zapsat jen skrz Apache.  Nevim ale jak a stejne si
myslim, ze by to bylo k nicemu.

Vi nekdo, jak to funguje?  Budu vdecen, kdyz mi to (alespon naznakove)
objasni.

				Predem dik,
						Libor