Bug 130632 - webalizer runs as root! Bad!
webalizer runs as root! Bad!
Status: CLOSED WONTFIX
Product: Fedora
Classification: Fedora
Component: webalizer (Show other bugs)
2
All Linux
medium Severity medium
: ---
: ---
Assigned To: Joe Orton
: FutureFeature
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-08-23 01:10 EDT by Anchor Systems Managed Hosting
Modified: 2007-11-30 17:10 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-06-21 11:44:32 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Anchor Systems Managed Hosting 2004-08-23 01:10:44 EDT
Description of problem:
The cron job runs as root.

Version-Release number of selected component (if applicable):
2.01_10-22

How reproducible:
100 %

Steps to Reproduce:
1. Run apache to get logs
2. Run webalizer
  
Actual results:
Webalizer files owned by root.

Expected results:
Webalizer files owned by webalizer.

Additional info:
It would be nice if anaconda enabled posix ACL's on /var and used
them to allow webalizer user access to Apache logs.
Comment 1 Joe Orton 2004-11-02 11:14:53 EST
It would be simplest to make webalizer go setuid(webalizer) after
opening input and/or output files, this would mitigate any security
issues in the log file parsing code.
Comment 2 Joe Orton 2004-11-10 05:48:46 EST
Marking as enhancement.  It's actually not simple to do that either.
Comment 3 Matthew Miller 2005-04-26 11:43:04 EDT
Fedora Core 2 is now maintained by the Fedora Legacy project for
security updates only. If this problem is a security issue, please
reopen and reassign to the Fedora Legacy product. If it is not a
security issue and hasn't been resolved in the current FC3 updates or
in the FC4 test release, reopen and change the version to match.
Comment 4 Joe Orton 2005-06-21 11:44:32 EDT
[This is a mass bug update]

Fedora Core 2 is now maintained by the Fedora Legacy project for
security updates only. If this problem is a security issue, please
reopen and reassign to the Fedora Legacy product. If it is not a
security issue and hasn't been resolved in the current FC3 or FC4 updates,
reopen and change the version to match.

Note You need to log in before you can comment on or make changes to this bug.