You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@trafficserver.apache.org by "Mladen Turk (JIRA)" <ji...@apache.org> on 2010/05/15 10:55:43 UTC

[jira] Created: (TS-352) Do not allow to run as root user unless explicitly compiled

Do not allow to run as root user unless explicitly compiled
-----------------------------------------------------------

                 Key: TS-352
                 URL: https://issues.apache.org/jira/browse/TS-352
             Project: Traffic Server
          Issue Type: Bug
          Components: Config
    Affects Versions: 2.1.1
            Reporter: Mladen Turk
            Assignee: Mladen Turk
             Fix For: 2.1.1


Currently one can specify the proxy.config.admin.user_id=root making the trafficserver to serve all pages under root account.
Check the user_id provided making sure it's uid isn't zero.
Specifying -DBIG_SECURITY_HOLE at build time overrides that check.


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Resolved: (TS-352) Do not allow to run as root user unless explicitly compiled

Posted by "Mladen Turk (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/TS-352?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Mladen Turk resolved TS-352.
----------------------------

    Resolution: Fixed

Fixed in the trunk

> Do not allow to run as root user unless explicitly compiled
> -----------------------------------------------------------
>
>                 Key: TS-352
>                 URL: https://issues.apache.org/jira/browse/TS-352
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: Config
>    Affects Versions: 2.1.1
>            Reporter: Mladen Turk
>            Assignee: Mladen Turk
>             Fix For: 2.1.1
>
>
> Currently one can specify the proxy.config.admin.user_id=root making the trafficserver to serve all pages under root account.
> Check the user_id provided making sure it's uid isn't zero.
> Specifying -DBIG_SECURITY_HOLE at build time overrides that check.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.