httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dean Gaudet <dgau...@hyperreal.com>
Subject cvs commit: apache/src CHANGES http_core.c
Date Sat, 28 Jun 1997 20:10:14 GMT
dgaudet     97/06/28 13:10:14

  Modified:    src       CHANGES http_core.c
  Log:
  -DBIG_SECURITY_HOLE now required to run apache as root.
  
  Revision  Changes    Path
  1.300     +4 -1      apache/src/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /export/home/cvs/apache/src/CHANGES,v
  retrieving revision 1.299
  retrieving revision 1.300
  diff -C3 -r1.299 -r1.300
  *** CHANGES	1997/06/28 19:55:16	1.299
  --- CHANGES	1997/06/28 20:10:11	1.300
  ***************
  *** 23,32 ****
         (headers, readmes, titles), mod_negotiation (type maps), or
         mod_cern_meta (meta files).  [Dean Gaudet]
    
      *) CONFIG: "HostnameLookups" now defaults to off because it is far better
         for the net if we require people that actually need this data to
         enable it.  [Linus Torvalds]
  !   
      *) mod_include was not properly changing the current directory.
         [Marc Slemko] PR#742
    
  --- 23,35 ----
         (headers, readmes, titles), mod_negotiation (type maps), or
         mod_cern_meta (meta files).  [Dean Gaudet]
    
  +   *) SECURITY: Apache will refuse to run as "User root" unless
  +      BIG_SECURITY_HOLE is defined at compile time.  [Dean Gaudet]
  + 
      *) CONFIG: "HostnameLookups" now defaults to off because it is far better
         for the net if we require people that actually need this data to
         enable it.  [Linus Torvalds]
  ! 
      *) mod_include was not properly changing the current directory.
         [Marc Slemko] PR#742
    
  
  
  
  1.85      +15 -1     apache/src/http_core.c
  
  Index: http_core.c
  ===================================================================
  RCS file: /export/home/cvs/apache/src/http_core.c,v
  retrieving revision 1.84
  retrieving revision 1.85
  diff -C3 -r1.84 -r1.85
  *** http_core.c	1997/06/17 00:09:13	1.84
  --- http_core.c	1997/06/28 20:10:12	1.85
  ***************
  *** 889,897 ****
    	else {
    	    cmd->server->server_uid = user_id;
    	    fprintf(stderr,
  ! 		    "Warning: User directive in <VirtualHost> requires SUEXEC wrapper.\n");
    	}
        }
    
        return NULL;
    }
  --- 889,911 ----
    	else {
    	    cmd->server->server_uid = user_id;
    	    fprintf(stderr,
  ! 		"Warning: User directive in <VirtualHost> "
  ! 		"requires SUEXEC wrapper.\n");
    	}
        }
  + #if !defined (BIG_SECURITY_HOLE)
  +     if (cmd->server->server_uid == 0) {
  + 	fprintf (stderr,
  + "Error:\tApache has not been designed to serve pages while running\n"
  + "\tas root.  There are known race conditions that will allow any\n"
  + "\tlocal user to read any file on the system.  Should you still\n"
  + "\tdesire to serve pages as root then add -DBIG_SECURITY_HOLE to\n"
  + "\tthe EXTRA_CFLAGS line in your src/Configuration file and rebuild\n"
  + "\tthe server.  It is strongly suggested that you instead modify the\n"
  + "\tUser directive in your httpd.conf file to list a non-root user.\n");
  + 	exit (1);
  +     }
  + #endif
    
        return NULL;
    }
  
  
  

Mime
View raw message