From: bugzilla@apache.org
To: bugs@httpd.apache.org
Subject: [Bug 56252] New: make install as privileged user creates files not owned by root
Date: Wed, 12 Mar 2014 18:22:53 +0000

https://issues.apache.org/bugzilla/show_bug.cgi?id=56252

            Bug ID: 56252
           Summary: make install as privileged user creates files not owned by root
           Product: Apache httpd-2
           Version: 2.4.7
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: Build
          Assignee: bugs@httpd.apache.org
          Reporter: business2008+issues.apache.org@rodneybeede.com

When building apache from sources I perform the following commands as a
non-privileged user:

    ./configure --with-included-apr
    make

For the actual install into my PREFIX (/usr/local/apache2) I execute a
privileged command of:

    sudo make install

This results in binaries, files, and directories that are NOT owned by root as
one might expect.

Some example files (all not owned by root):

    /usr/local/apache2/bin/apachectl
    /usr/local/apache2/bin/envvars-std
    /usr/local/apache2/bin/dbmmanage
    /usr/local/apache2/bin/envvars
    /usr/local/apache2/bin/apxs
    /usr/local/apache2/cgi-bin/printenv
    /usr/local/apache2/cgi-bin/printenv.wsf
    /usr/local/apache2/cgi-bin/printenv.vbs
    /usr/local/apache2/cgi-bin/test-cgi

Files inside

    /usr/local/apache2/icons/
    /usr/local/apache2/error/include/

Suggestion 1: Modify the build scripts so when running make install any files
or directories copied/created have the ownership and group membership set to
the effective uid running the make install.

Suggestion 2: At the end of make install echo a comment to remind the admin to
check the permissions of all the files and directories in PREFIX or wherever
they installed for secure values.

Suggestion 3: Consider automatically setting the file and directory mode to be
more restrictive (e.g. chmod -R o-rwx PREFIX) after the make install.

Another option would be to provide a script or another make command that would
optionally set locked down secure ownership and permissions. "make install
--secure-permissions" or something similar perhaps.
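
Added example (not part of the original bug report and not code from the httpd build system): a POSIX shell function that performs the post-install check Suggestion 2 asks the admin to do, listing anything under PREFIX that is not owned by the expected uid or is writable by group or other. The name audit_prefix and the OWNER/WRITE labels are made up for this example; treating root (uid 0) as the expected owner is an assumption.

```shell
#!/bin/sh
# Added example: audit an install prefix after "sudo make install".
# audit_prefix is a hypothetical helper, not part of httpd.
#
# audit_prefix PREFIX [EXPECTED_UID]
#   Prints one labelled "ls -ld" line per finding.
#   Returns 0 if the tree is clean, 1 if there are findings, 2 on bad input.
audit_prefix() {
    prefix=$1
    expected_uid=${2:-0}   # assumption: the installed tree should belong to root

    if [ ! -d "$prefix" ]; then
        echo "audit_prefix: not a directory: $prefix" >&2
        return 2
    fi

    findings=$(
        # Owner differs from the expected uid. Symlinks are included: find
        # does not follow them, so this reports the owner of the link itself.
        find "$prefix" ! -user "$expected_uid" -exec ls -ld {} + |
            sed 's/^/OWNER  /'
        # Writable by group or other. Symlinks are skipped because their
        # mode bits are not used for access checks.
        find "$prefix" ! -type l \( -perm -020 -o -perm -002 \) \
            -exec ls -ld {} + | sed 's/^/WRITE  /'
    )

    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Run as a script: sh audit_prefix.sh /usr/local/apache2
if [ "$#" -gt 0 ]; then
    audit_prefix "$@"
fi
```

A non-zero exit status makes the check usable as a gate in an install or packaging script, for example directly after the sudo make install step.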