You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2002/05/01 00:38:10 UTC

DO NOT REPLY [Bug 8683] New: - Insecure file permissions - make install

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8683>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8683

Insecure file permissions - make install

           Summary: Insecure file permissions - make install
           Product: Apache httpd-1.3
           Version: 1.3.24
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: Build
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: jr-apachebugs@quo.to


When you run "make install" as root and it gets to this part:

Copying tree ./htdocs/manual -> /usr/local/apache/htdocs/manual/
Copying tree ./icons/ -> /usr/local/apache/icons/

the files it copies have a user and group id of 1078 -- the id's the files in 
the tar archive had. This isn't really secure because whichever user happens to 
have an id of 1078 can write to the files.

When installed as root, I think all installed files should have a user and 
group id of 0.