Received: (qmail 67618 invoked by uid 501); 11 Jun 2001 08:07:42 -0000 Message-Id: <20010611080742.67607.qmail@apache.org> Date: 11 Jun 2001 08:07:42 -0000 From: Daniel Matuschek Reply-To: daniel.matuschek@swisscom.com To: submit@bugz.apache.org Subject: split-logfile can be used to write to any file X-Send-Pr-Version: 3.110 >Number: 7848 >Category: general >Synopsis: split-logfile can be used to write to any file >Confidential: no >Severity: serious >Priority: medium >Responsible: apache >State: closed >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Mon Jun 11 01:10:00 PDT 2001 >Closed-Date: Sun Jul 29 14:40:09 PDT 2001 >Last-Modified: Sun Jul 29 14:40:09 PDT 2001 >Originator: daniel.matuschek@swisscom.com >Release: 1.3.x >Organization: >Environment: any >Description: If you try to connect to a virtual host starting with a "/" this will result in an error BUT will add a line to the access file. If one uses split-logfiles to separate the logfile by host name, it is possible to append these log lines to any file in the filesystem that is writable by the user that is running split-logfile >How-To-Repeat: telnet somewhere 80 GET / HTTP/1.0 Host: / >Fix: add the line if ($vhost =~ /\//) { $vhost="access" } >Release-Note: >Audit-Trail: State-Changed-From-To: open-closed State-Changed-By: marc State-Changed-When: Sun Jul 29 14:40:09 PDT 2001 State-Changed-Why: Fixed, thanks for the report. >Unformatted: [In order for any reply to be added to the PR database, you need] [to include in the Cc line and make sure the] [subject line starts with the report component and number, with ] [or without any 'Re:' prefixes (such as "general/1098:" or ] ["Re: general/1098:"). If the subject doesn't match this ] [pattern, your message will be misfiled and ignored. The ] ["apbugs" address is not added to the Cc line of messages from ] [the database automatically because of the potential for mail ] [loops. If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request from a ] [developer. Reply only with text; DO NOT SEND ATTACHMENTS! ]