Posted to bugs@httpd.apache.org by bu...@apache.org on 2002/05/01 00:38:10 UTC
DO NOT REPLY [Bug 8683] New: - Insecure file permissions - make install
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8683
Summary: Insecure file permissions - make install
Product: Apache httpd-1.3
Version: 1.3.24
Platform: PC
OS/Version: Linux
Status: NEW
Severity: Normal
Priority: Other
Component: Build
AssignedTo: bugs@httpd.apache.org
ReportedBy: jr-apachebugs@quo.to
When you run "make install" as root and it gets to this part:
Copying tree ./htdocs/manual -> /usr/local/apache/htdocs/manual/
Copying tree ./icons/ -> /usr/local/apache/icons/
the files it copies have a user and group ID of 1078 -- the IDs the files in
the tar archive had. This isn't really secure because whichever user happens to
have an ID of 1078 can write to the files.
When installed as root, I think all installed files should have a user and
group ID of 0.
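
A check for the condition reported above, as an added example that is not part of the original bug report or of Apache's build scripts: it lists every entry under an install prefix whose numeric owner or group differs from the expected IDs (0:0 by default). The function name `audit_install_owner` and its arguments are illustrative.

```shell
#!/bin/sh
# Added example (not from the bug report or the Apache build scripts).
# Lists every entry under an install prefix whose numeric owner or group
# is not the expected one. Defaults to 0:0, the IDs the report expects
# for a root install. Function name and arguments are illustrative.
audit_install_owner() {
    prefix=$1
    want_uid=${2:-0}
    want_gid=${3:-0}

    # find's -user/-group take a numeric ID when no account has that name,
    # so "0" is matched as the numeric ID. Symlinks are not followed; the
    # link itself is checked.
    offenders=$(find "$prefix" \( ! -user "$want_uid" -o ! -group "$want_gid" \) \
        -exec ls -nd {} +) || return 2

    [ -z "$offenders" ] && return 0      # everything is owned as expected
    printf '%s\n' "$offenders"           # ls -n prints numeric uid and gid
    return 1
}

# Stand-alone use: sh audit.sh /usr/local/apache
if [ "$#" -gt 0 ]; then
    audit_install_owner "$@"
fi
```

The function returns 1 when it finds a mismatch and 2 when `find` itself fails, so it can gate a post-install step.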