config/4685: http_core.c is wrong (misleading?) about -DBIG_SECURITY_HOLE

[Gordon Lack <gm...@ggr.co.uk>]

>Number:         4685
>Category:       config
>Synopsis:       http_core.c is wrong (misleading?) about -DBIG_SECURITY_HOLE
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          doc-bug
>Submitter-Id:   apache
>Arrival-Date:   Fri Jul  2 06:20:01 PDT 1999
>Last-Modified:
>Originator:     gml4410@ggr.co.uk
>Organization:
apache
>Release:        1.3.6
>Environment:
Non-OS-specific (I hit it on 3).
>Description:
NOTE:  This is the problem descibed in PR4584, so this is just additional
info for that.


   The problem described in PR4584 coms about when you wish to run Apache as root.

   You get a message about having to rebuild with -DBIG_SECURITY_HOLE

   The problem is that the message says to add it to src/Configuration.  In fact
(at least when using configure) you need to set CFLAGS in your environment.

   So, the text output from src/main/http_cors.c: line 1902 is wrong, which is what
the bug really is.  This is not mentioned in PR4584.

   
>How-To-Repeat:

>Fix:
   Change the text to reflect the current method of configuring Apache.
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, you need]
[to include <ap...@Apache.Org> in the Cc line and make sure the]
[subject line starts with the report component and number, with ]
[or without any 'Re:' prefixes (such as "general/1098:" or      ]
["Re: general/1098:").  If the subject doesn't match this       ]
[pattern, your message will be misfiled and ignored.  The       ]
["apbugs" address is not added to the Cc line of messages from  ]
[the database automatically because of the potential for mail   ]
[loops.  If you do not include this Cc, your reply may be ig-   ]
[nored unless you are responding to an explicit request from a  ]
[developer.  Reply only with text; DO NOT SEND ATTACHMENTS!     ]