You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2017/10/18 14:22:56 UTC

[Bug 61631] New: htpasswd -v option should require read and not read-write for password file

https://bz.apache.org/bugzilla/show_bug.cgi?id=61631

            Bug ID: 61631
           Summary: htpasswd -v option should require read and not
                    read-write for password file
           Product: Apache httpd-2
           Version: 2.4.7
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: minor
          Priority: P2
         Component: support
          Assignee: bugs@httpd.apache.org
          Reporter: aikidoguy@gmail.com
  Target Milestone: ---

Steps to reproduce on Ubuntu (where the bug was observed):
1) htpasswd –c htpasswd.site User.Name
2) chmod 444 htpasswd.site
3) htpasswd -v htpasswd.site User.Name

htpasswd: cannot open file htpasswd.site for read/write access

The htpasswd application fails to verify the password and seems to require the
htpasswd.site file to be readable and writable.

It was expected that the htpasswd program only needs to be able to read the
file's contents and does not need write permission in order to verify if a
provided password is valid or not.

The following command does not provide version information for the installed
program: htpasswd --version

"man htpasswd" provides the Apache HTTP Server date as 2013-07-06

"apt-cache policy apache2" provides the installed version as
2.4.7-1ubuntu4.18.0

"apache2 -v" provides server version is Apache/2.4.7 (Ubuntu) and built Sep 18
2017 16:37:54

It is unknown if the issue occurs on other platforms.

Possibly related to Bug 45923 – htpasswd tries to open(file, O_RDONLY |
O_APPEND)

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 61631] htpasswd -v option should require read and not read-write for password file

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=61631

Joe Orton <jo...@redhat.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED

--- Comment #1 from Joe Orton <jo...@redhat.com> ---
Thanks, fixed in r1812756.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org