httpd-cvs mailing list archives

From wr...@apache.org
Subject svn commit: r542747 - /httpd/mod_ftp/trunk/patches/ftp.patch
Date Wed, 30 May 2007 04:22:57 GMT
Author: wrowe
Date: Tue May 29 21:22:53 2007
New Revision: 542747

URL: http://svn.apache.org/viewvc?view=rev&rev=542747
Log:
Before extending the server directives with a richer ftp.patch, 
scare the bejebus out of them.

Modified:
    httpd/mod_ftp/trunk/patches/ftp.patch

Modified: httpd/mod_ftp/trunk/patches/ftp.patch
URL: http://svn.apache.org/viewvc/httpd/mod_ftp/trunk/patches/ftp.patch?view=diff&rev=542747&r1=542746&r2=542747
==============================================================================
--- httpd/mod_ftp/trunk/patches/ftp.patch (original)
+++ httpd/mod_ftp/trunk/patches/ftp.patch Tue May 29 21:22:53 2007
@@ -1,3 +1,23 @@
+#
+# WARNING: This patch enables the administrator to specify inbound
+# ftp-data port 20, ftps-data port 990, or other desired data ports,
+# and whichever outbound low numbered port bindings are desired to
+# avoid firewall issues.  It does so by allowing each child worker
+# to seteuid back-to-root in order to bind to lower numbered ports,
+# whereupon mod_ftp will again seteuid to the configured User.
+#
+# That said, this patch also allows any remote code execution 0day
+# flaw or untrusted web server application to seteuid() BACK TO ROOT.
+# This is a serious issue that can't be understated.
+#
+# The httpd project STRONGLY RECOMMENDS YOU DO NOT APPLY THIS PATCH
+# and absolutely DO NOT APPLY IT if you allow arbitrary users to submit
+# perl, php and similar scripts for execution on your server.  It is
+# worth the time to configure your firewalls appropriately to permit
+# traffic through higher numbered data ports (above port 1023).
+#
+# YOU HAVE BEEN WARNED
+#
 Index: os/unix/unixd.c
 ===================================================================
 RCS file: /home/cvs/httpd-2.0/os/unix/unixd.c,v
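Review bot: the warning in this hunk says the risk "can't be understated"; the intended meaning is "can't be overstated", so the line should read "This is a serious issue that can't be overstated." It would also help administrators if the first paragraph said plainly that the later "seteuid to the configured User" is not a privilege drop in the security sense, since the same hunk describes that a child can seteuid back to root at any time; stating that once, next to the description of the mechanism, makes the second paragraph's point follow directly rather than reading as a separate caveat.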