Posted to cvs@httpd.apache.org by Dean Gaudet <dg...@hyperreal.com> on 1997/06/28 22:10:14 UTC
cvs commit: apache/src CHANGES http_core.c
dgaudet 97/06/28 13:10:14
Modified: src CHANGES http_core.c
Log:
-DBIG_SECURITY_HOLE now required to run apache as root.
Revision Changes Path
1.300 +4 -1 apache/src/CHANGES
Index: CHANGES
===================================================================
RCS file: /export/home/cvs/apache/src/CHANGES,v
retrieving revision 1.299
retrieving revision 1.300
diff -C3 -r1.299 -r1.300
*** CHANGES 1997/06/28 19:55:16 1.299
--- CHANGES 1997/06/28 20:10:11 1.300
***************
*** 23,32 ****
(headers, readmes, titles), mod_negotiation (type maps), or
mod_cern_meta (meta files). [Dean Gaudet]
*) CONFIG: "HostnameLookups" now defaults to off because it is far better
for the net if we require people that actually need this data to
enable it. [Linus Torvalds]
!
*) mod_include was not properly changing the current directory.
[Marc Slemko] PR#742
--- 23,35 ----
(headers, readmes, titles), mod_negotiation (type maps), or
mod_cern_meta (meta files). [Dean Gaudet]
+ *) SECURITY: Apache will refuse to run as "User root" unless
+ BIG_SECURITY_HOLE is defined at compile time. [Dean Gaudet]
+
*) CONFIG: "HostnameLookups" now defaults to off because it is far better
for the net if we require people that actually need this data to
enable it. [Linus Torvalds]
!
*) mod_include was not properly changing the current directory.
[Marc Slemko] PR#742
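Review bot: The new SECURITY entry says Apache refuses to run as "User root", but the check added to http_core.c in this same commit tests `cmd->server->server_uid == 0`, so any User value that resolves to uid 0 is refused, not only the literal name root. Suggest wording the entry in terms of uid 0 and naming the override the way the error message does (add -DBIG_SECURITY_HOLE to EXTRA_CFLAGS in src/Configuration), so an administrator reading only CHANGES knows both what triggers the refusal and how the opt-out is spelled.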
1.85 +15 -1 apache/src/http_core.c
Index: http_core.c
===================================================================
RCS file: /export/home/cvs/apache/src/http_core.c,v
retrieving revision 1.84
retrieving revision 1.85
diff -C3 -r1.84 -r1.85
*** http_core.c 1997/06/17 00:09:13 1.84
--- http_core.c 1997/06/28 20:10:12 1.85
***************
*** 889,897 ****
else {
cmd->server->server_uid = user_id;
fprintf(stderr,
! "Warning: User directive in <VirtualHost> requires SUEXEC wrapper.\n");
}
}
return NULL;
}
--- 889,911 ----
else {
cmd->server->server_uid = user_id;
fprintf(stderr,
! "Warning: User directive in <VirtualHost> "
! "requires SUEXEC wrapper.\n");
}
}
+ #if !defined (BIG_SECURITY_HOLE)
+ if (cmd->server->server_uid == 0) {
+ fprintf (stderr,
+ "Error:\tApache has not been designed to serve pages while running\n"
+ "\tas root. There are known race conditions that will allow any\n"
+ "\tlocal user to read any file on the system. Should you still\n"
+ "\tdesire to serve pages as root then add -DBIG_SECURITY_HOLE to\n"
+ "\tthe EXTRA_CFLAGS line in your src/Configuration file and rebuild\n"
+ "\tthe server. It is strongly suggested that you instead modify the\n"
+ "\tUser directive in your httpd.conf file to list a non-root user.\n");
+ exit (1);
+ }
+ #endif
return NULL;
}
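Review bot: The uid 0 test sits at the end of the User directive handler, just before `return NULL;`, so as far as these lines show it runs only when a User directive is actually parsed. A configuration with no User directive never reaches it, so please confirm the compiled-in default uid cannot be 0, or move the test to the point where the server settles on the uid it will serve under. Two smaller points: the handler signals success with `return NULL;`, so returning the message instead of calling `exit (1)` would let the config parser report it with the other directive errors; and `fprintf (stderr,` and `exit (1)` use a space before the parenthesis where the surrounding code writes `fprintf(stderr,`.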