[Serusers] Fw: Serweb problems - 0.8.12
Andrei Pelinescu-Onciul
pelinescu-onciul at fokus.fraunhofer.de
Wed Nov 26 12:26:59 CET 2003
On Nov 25, 2003 at 14:49, Jim Burwell <jimb at jsbc.cc> wrote:
> Yes. When they changed the permissions on the FIFO, they made it
> inaccessible to the normal Apache user. Too bad they didn't make the
> fifo owner/permissions a config file setting. I just created a group
> called "serfifo", made "apache" a member of it, and put something like
> "(sleep 5; chgrp serfifo $SERFIFO) &" into my SER startup script. This
> waits in the background for five seconds, then changes group ownership
> of the FIFO to one the apache user is a member of. You have to wait a
> few seconds before doing the chgrp, because SER forks immediately on
> start, and can take some time to create the FIFO, so your chgrp can
> actually execute before the FIFO is created (race condition), so you
> must give it a few seconds. The FIFO already has group rw perms as
> created by SER.
Fifo permissions can be changed from the config file. Use
fifo_mode=0666. You could also try to change your ser group (start ser
with -g serinfo or add group=serinfo in the cfg).
We changed the fifo permissions because it introduced some security
problems on multi-user (read: untrusted users) systems (DOS on ser using
fifo, overwriting files using fifo and setting the reply fifo to a link
in /tmp to some file elsewhere on the filesystem). Now also ser will
try to delete & recreate /tmp/fifo on startup to make sure it has the
proper permissions.
Andrei
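
The reply above mentions a reply fifo pointed at a link in /tmp. As an added example (not SER's code, and not from this thread), this is one way a server can refuse such a path before writing to it; open_reply_fifo and self_test are hypothetical names, and the paths are constructed in a private temporary directory.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* mkdtemp, O_NOFOLLOW */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not SER code): open a client-named reply FIFO for
 * writing. Returns an fd, or -1 for a symlink, a non-FIFO, or no reader. */
int open_reply_fifo(const char *path)
{
    struct stat st;
    /* O_NOFOLLOW refuses a symlink as the last path component; O_NONBLOCK
     * avoids blocking when nobody reads; no O_CREAT/O_TRUNC is passed. */
    int fd = open(path, O_WRONLY | O_NONBLOCK | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    /* fstat the descriptor, not the path: no check-then-use window. */
    if (fstat(fd, &st) < 0 || !S_ISFIFO(st.st_mode)) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed self-test in a private temp dir. Bitmask result:
 * 1 = real FIFO accepted, 2 = symlink rejected, 4 = regular file rejected. */
int self_test(void)
{
    char dir[] = "/tmp/replyfifoXXXXXX", fifo[64], file[64], lnk[64];
    int res = 0, rd, fd;
    if (!mkdtemp(dir)) return -1;
    snprintf(fifo, sizeof fifo, "%s/reply", dir);
    snprintf(file, sizeof file, "%s/victim", dir);
    snprintf(lnk, sizeof lnk, "%s/link", dir);
    if (mkfifo(fifo, 0600) < 0) return -1;
    rd = open(fifo, O_RDONLY | O_NONBLOCK);      /* stand-in for the client */
    if ((fd = open_reply_fifo(fifo)) >= 0) { res |= 1; close(fd); }
    close(rd);
    close(open(file, O_WRONLY | O_CREAT, 0600)); /* stand-in for a target file */
    if (symlink(file, lnk) < 0) return -1;
    if (open_reply_fifo(lnk) < 0) res |= 2;
    if (open_reply_fifo(file) < 0) res |= 4;
    unlink(lnk); unlink(file); unlink(fifo); rmdir(dir);
    return res;
}

int main(void) { printf("self_test = %d\n", self_test()); return 0; }
```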