Return-Path: Delivered-To: apmail-httpd-bugs-archive@www.apache.org Received: (qmail 92544 invoked from network); 28 Feb 2005 07:04:25 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur-2.apache.org with SMTP; 28 Feb 2005 07:04:25 -0000 Received: (qmail 74653 invoked by uid 500); 28 Feb 2005 07:04:24 -0000 Delivered-To: apmail-httpd-bugs-archive@httpd.apache.org Received: (qmail 74604 invoked by uid 500); 28 Feb 2005 07:04:23 -0000 Mailing-List: contact bugs-help@httpd.apache.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: Reply-To: "Apache HTTPD Bugs Notification List" Delivered-To: mailing list bugs@httpd.apache.org Received: (qmail 74587 invoked by uid 99); 28 Feb 2005 07:04:23 -0000 X-ASF-Spam-Status: No, hits=0.2 required=10.0 tests=NO_REAL_NAME X-Spam-Check-By: apache.org Received: from ajax-1.apache.org (HELO ajax.apache.org) (192.87.106.226) by apache.org (qpsmtpd/0.28) with ESMTP; Sun, 27 Feb 2005 23:04:22 -0800 Received: from ajax.apache.org (ajax.apache.org [127.0.0.1]) by ajax.apache.org (8.12.11/8.12.11) with ESMTP id j1S74Ji4025454 for ; Mon, 28 Feb 2005 08:04:19 +0100 Received: (from nobody@localhost) by ajax.apache.org (8.12.11/8.12.11/Submit) id j1S74I2V025452; Mon, 28 Feb 2005 08:04:18 +0100 Date: Mon, 28 Feb 2005 08:04:18 +0100 Message-Id: <200502280704.j1S74I2V025452@ajax.apache.org> From: bugzilla@apache.org To: bugs@httpd.apache.org Subject: DO NOT REPLY [Bug 33765] New: - htdigest creates digest files suid/sgid X-Bugzilla-Reason: AssignedTo X-Virus-Checked: Checked X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG� RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND� INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=33765 Summary: htdigest creates digest files suid/sgid Product: Apache httpd-2.0 Version: 2.0.52 Platform: PC OS/Version: FreeBSD Status: NEW Severity: normal Priority: P2 Component: support AssignedTo: bugs@httpd.apache.org ReportedBy: chris+apache@chrullrich.de htdigest creates its digest files with both suid and sgid bits set. I traced its execution and noticed that it actually tries to create the file with full 07777 permissions, but the FreeBSD kernel ignores sticky, because it's a regular file. In htdigest.c is a call to apr_file_open() for the digest file, with -1 in the perm argument. htpasswd, which uses APR_OS_DEFAULT for the perm argument, creates its files with proper permissions. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org For additional commands, e-mail: bugs-help@httpd.apache.org