Posted to dev@httpd.apache.org by Rob Hartill <ha...@hyperreal.com> on 1995/10/01 00:40:34 UTC

Apache Bugfix: v0.8.14 was not running setuid properly (fwd)

Forwarded message:
> From rws@ukc.ac.uk  Sat Sep 30 06:00:55 1995
> To: apache-bugs@apache.org
> Cc: ihc@ukc.ac.uk, djw2@ukc.ac.uk
> Subject: Apache Bugfix: v0.8.14 was not running setuid properly
> X-Address: Computing Laboratory, The University, Canterbury, Kent,
> X-Address: CT2 7NF, United Kingdom.
> X-Phone: +44 1227 764000 (x.3822)
> X-Url: http://alethea.ukc.ac.uk/wp?94rws
> Date: Sat, 30 Sep 1995 14:00:30 +0100
> Message-Id: <24...@cypress.ukc.ac.uk>
> From: Royston Shufflebotham <rw...@ukc.ac.uk>
> 
> 
> There's a problem with the Apache server when running -setuid- root
> (i.e. real user not root). The tests for running as root in
> http_main.c check the real userid, not the effective userid.
> 
> As such, if running euid root, all child processes stay euid root.. a
> slight security problem.
> 
> Patch at the end of this email..
> 
> Btw - it also corrects the style
>     if (!geteuid())
> to
>     if (geteuid()==0)
> 
> It's a bit more explicit, and will (-should-!) compile to the same..
> 
> 
> ---->8-cut-here--->8---
> diff -cr apache_0.8.14/src/http_main.c apache_0.8.14.bugfixed/src/http_main.c
> *** apache_0.8.14/src/http_main.c	Tue Sep 19 17:05:01 1995
> --- apache_0.8.14.bugfixed/src/http_main.c	Sat Sep 30 13:45:32 1995
> ***************
> *** 590,596 ****
>     
>   static void set_group_privs()
>   {
> !   if(!getuid()) {
>       char *name;
>     
>       /* Get username if passed as a uid */
> --- 590,596 ----
>     
>   static void set_group_privs()
>   {
> !   if(geteuid()==0) {
>       char *name;
>     
>       /* Get username if passed as a uid */
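Review bot: the changed test "if(geteuid()==0)" at the top of set_group_privs() has no comment saying why the effective uid is the one being checked. The call site in the second hunk carries "Only try to switch if we're running as root"; a line here that says "effective uid is root" would record the reason and make it less likely that the test is changed back to getuid() later.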
> ***************
> *** 743,749 ****
>       reopen_scoreboard (pconf);
>   
>       /* Only try to switch if we're running as root */
> !     if(!getuid() && setuid(user_id) == -1) {
>           log_error ("unable to change uid", server_conf);
>   	exit (1);
>       }
> --- 743,749 ----
>       reopen_scoreboard (pconf);
>   
>       /* Only try to switch if we're running as root */
> !     if((geteuid()==0) && setuid(user_id) == -1) {
>           log_error ("unable to change uid", server_conf);
>   	exit (1);
>       }
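Review bot: the comment above the changed line still reads "Only try to switch if we're running as root" without saying real or effective uid, which is the ambiguity behind this bug; reword it to name the effective uid. The new condition also mixes "geteuid()==0" with "setuid(user_id) == -1" spacing and wraps the first operand in parentheses it does not need; "if (geteuid() == 0 && setuid(user_id) == -1)" reads the same and matches the rest of the line.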
> ---->8-cut-here--->8---
> 
> 
> Regards,
>  Royston Shufflebotham
> 
> P.S. Could you please correct the mis-spelling of my Christian name in
> the Apache changelog? (and leave my surname spelt correctly!!) I've
> resisted the temptation of supplying a patch file for that.. :-)
>
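
The real-versus-effective uid distinction the report describes, as an added C example that is not part of the original message or of Apache's source. `old_check` and `new_check` mirror the two tests in the patch; `stays_root`, `drop_privs` and the uid 1000 in the sample cases are names and values assumed here for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* for setgroups() on glibc */
#endif
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Pre-patch test from the diff: only the real uid is consulted. */
static int old_check(uid_t ruid, uid_t euid) { (void)euid; return ruid == 0; }

/* Patched test: the effective uid is what actually carries privilege. */
static int new_check(uid_t ruid, uid_t euid) { (void)ruid; return euid == 0; }

/* 1 if a process with these ids would keep root because the drop was skipped. */
static int stays_root(int (*check)(uid_t, uid_t), uid_t ruid, uid_t euid)
{
    return euid == 0 && !check(ruid, euid);
}

/* Drop to uid/gid; 0 on success or if already unprivileged, -1 on failure. */
int drop_privs(uid_t uid, gid_t gid)
{
    if (geteuid() != 0)
        return 0;                      /* nothing to drop */
    if (setgroups(1, &gid) == -1)      /* clear root's supplementary groups */
        return -1;
    if (setgid(gid) == -1)             /* group first, while still root */
        return -1;
    if (setuid(uid) == -1)             /* euid 0: sets real, effective, saved */
        return -1;
    if (uid != 0 && (setuid(0) != -1 || geteuid() == 0))
        return -1;                     /* root could be regained: treat as failure */
    return 0;
}

int main(void)
{
    /* Constructed cases {real, effective}; 1000 is an arbitrary non-root uid. */
    uid_t c[][2] = { {0, 0}, {1000, 0}, {1000, 1000} };
    for (size_t i = 0; i < sizeof c / sizeof c[0]; i++)
        printf("ruid=%u euid=%u stays root: old=%d new=%d\n",
               (unsigned)c[i][0], (unsigned)c[i][1],
               stays_root(old_check, c[i][0], c[i][1]),
               stays_root(new_check, c[i][0], c[i][1]));
    return 0;
}
```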