httpd-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 8683] New: - Insecure file permissions - make install
Date Tue, 30 Apr 2002 22:38:10 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8683>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8683

Insecure file permissions - make install

           Summary: Insecure file permissions - make install
           Product: Apache httpd-1.3
           Version: 1.3.24
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: Build
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: jr-apachebugs@quo.to


When you run "make install" as root and it gets to this part:

Copying tree ./htdocs/manual -> /usr/local/apache/htdocs/manual/
Copying tree ./icons/ -> /usr/local/apache/icons/

the files it copies have a user and group id of 1078 -- the IDs the files in 
the tar archive had. This isn't really secure because whichever user happens to 
have an id of 1078 can write to the files.

When installed as root, I think all installed files should have a user and 
group id of 0.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
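
A check for the condition the report describes, as an added example that is not part of the original message or of the Apache build: it lists files under an install prefix whose numeric owner or group is not the expected one (0:0 by default, following the report's suggestion). The function names are hypothetical, and `-uid`/`-gid` are GNU and BSD find extensions.

```shell
#!/bin/sh
# Added example: audit file ownership under an install prefix.
# Assumption: installed files are expected to be uid 0 / gid 0, as the
# report proposes; both values are parameters so other policies work.

# list_foreign_owned DIR [UID] [GID]
# Print every path under DIR whose numeric owner or group differs from
# the expected values. find does not follow symlinks by default.
list_foreign_owned() {
    dir=$1 uid=${2:-0} gid=${3:-0}
    find "$dir" \( ! -uid "$uid" -o ! -gid "$gid" \) -print
}

# list_unowned DIR
# Print paths whose uid or gid has no entry in the account database.
# Such files fall to whichever account is later created with that id.
list_unowned() {
    find "$1" \( -nouser -o -nogroup \) -print
}

# audit_prefix DIR [UID] [GID]
# Print offending paths; return 0 when the tree is clean, 1 otherwise.
audit_prefix() {
    bad=$(list_foreign_owned "$@")
    [ -z "$bad" ] && return 0
    printf 'unexpected owner or group:\n%s\n' "$bad"
    return 1
}

# Stand-alone use, e.g.: sh audit.sh /usr/local/apache
[ $# -eq 0 ] || audit_prefix "$@"
```
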

