[FASTCGI] save a log

Matthew Weigel unique at idempot.net
Sat Aug 14 09:58:48 EDT 2010


On 8/14/2010 6:41 AM, Aron Szabo wrote:
>  Hi Doru!
> 
> You can use syslog this way:
> 
> #include <stdio.h>
> #include <unistd.h>
> #include <syslog.h>
> 
> int main(void) {
> 
>  openlog("slog", LOG_PID|LOG_CONS, LOG_USER);
>  syslog(LOG_INFO, "Hello world!");
>  closelog();
> 
>  return 0;
> }
> 
> In my opinion it's not insecure to have a file to which the www user can
> write, but don't allow it on the whole directory!

It's a bad idea.  If the user running the application can write to it, then -
if the application is compromised - the attacker can modify the log file.
They can erase the evidence of their existence, or make it look like something
else happened, etc.  If you use syslog to write to a file that the user
running the application can't touch, then you can at least have more faith in
the log up until it was fully compromised.
-- 
 Matthew Weigel
 hacker
 unique & idempot . ent
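
Added example, not part of the original message or of the FastCGI project's code: a startup check a FastCGI application could run to confirm that the user it runs as cannot alter the file syslog writes to, or that file's directory. The log path and the helper names are assumptions; supplementary groups and ACLs are not considered.

```c
#include <libgen.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <syslog.h>
#include <unistd.h>

/* 1 if uid/gid can modify the object described by st, judged by classic
 * mode bits. The owner always counts: it can chmod write access back. */
int can_modify(const struct stat *st, uid_t uid, gid_t gid) {
    if (uid == 0) return 1;                    /* root bypasses mode bits */
    if (st->st_uid == uid) return 1;
    if (st->st_gid == gid) return (st->st_mode & S_IWGRP) != 0;
    return (st->st_mode & S_IWOTH) != 0;
}

/* 1 if uid/gid could alter the log: modify the file itself, or write to its
 * directory (treated conservatively as able to remove or replace the file).
 * Returns -1 if the file or directory cannot be examined. */
int log_tamperable(const char *path, uid_t uid, gid_t gid) {
    char buf[4096];
    struct stat file_st, dir_st;

    if (strlen(path) >= sizeof buf) return -1;
    strcpy(buf, path);                         /* dirname() may modify its argument */
    if (stat(path, &file_st) != 0 || stat(dirname(buf), &dir_st) != 0)
        return -1;
    return can_modify(&file_st, uid, gid) || can_modify(&dir_st, uid, gid);
}

int main(void) {
    /* Hypothetical path: wherever the local syslog daemon writes LOG_USER. */
    const char *log_path = "/var/log/user.log";
    int r = log_tamperable(log_path, geteuid(), getegid());

    openlog("slog", LOG_PID | LOG_CONS, LOG_USER);
    if (r == 1)
        syslog(LOG_WARNING, "uid %ld can modify %s or its directory",
               (long)geteuid(), log_path);
    else if (r == 0)
        syslog(LOG_INFO, "log file is out of reach of uid %ld", (long)geteuid());
    closelog();
    return r == 1;
}
```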
