The following reply was made to PR mod_log-any/2085; it has been noted by GNATS.
From: Marc Slemko <[EMAIL PROTECTED]> To: Phil Rosenthal <[EMAIL PROTECTED]> Cc: [EMAIL PROTECTED] Subject: Re: mod_log-any/2085: Logfiles provide a big backdoor in apache v* Date: Mon, 20 Apr 1998 18:16:03 -0600 (MDT) On 20 Apr 1998, Phil Rosenthal wrote: > >Description: > I was trying to hack my box (just to see if/how others could), and I found > a very big, and dangerous flaw... > I had a logfiles directory for every user where they had all the standard > Apache logs... Note that this is not a bug and is well known and documented explicitly. I'm not sure that adding an option to have the logfiles written by a different user helps that much because the people who don't read the docs won't know about this open either.
