[Zope-Coders] new zLOG
Chris McDonough
chrism@zope.com
26 Nov 2002 11:43:52 -0500
On Tue, 2002-11-26 at 11:15, Guido van Rossum wrote:
> > I think it's the right thing to *not* have zdaemon perfom setuid by
> > default if started as root because you may want the child process
> > have privileges to bind to low ports and whatnot and manage its own
> > setuid.
>
> OK, then I'll leave well enough alone.
One thing that may be problematic about this:
- you invoke zdaemon as root without -u in order to start a child
app that manages its own setuid. zdaemon writes a logfile using
the path specified in STUPID_LOG_FILE (as root).
- the child itself uses the STUPID_LOG_FILE envvar to decide where
to write a logfile
- the daemon has already written the logfile as root.
- the child will not be able to write to the event log file after
it performs a setuid.
I think this is a genuine concern. Maybe the answer is "dont do that",
but can you imagine a better solution? I can, but it involves not using
a single envvar to control where the event log file for an application
and all of its is written, which would be fairly invasive.
- C