httpd-dev mailing list archives

From "Ralf S. Engelschall" <...@engelschall.com>
Subject [PATCH] SECURITY: UID of htdocs & icons data
Date Sun, 06 Dec 1998 15:58:29 GMT

Here is a patch for PR#3494. Should we also do something for the GID? The
problem is that we cannot know which GID exists for root. OK, we can use the
numerical GID 0, which on almost all platforms corresponds to root.  Ideas?

                                       Ralf S. Engelschall
                                       rse@engelschall.com
                                       www.engelschall.com

Index: src/CHANGES
===================================================================
RCS file: /e/apache/REPOS/apache-1.3/src/CHANGES,v
retrieving revision 1.1164
diff -u -r1.1164 CHANGES
--- src/CHANGES	1998/12/06 15:40:50	1.1164
+++ src/CHANGES	1998/12/06 15:56:15
@@ -1,4 +1,10 @@
 Changes with Apache 1.3.4
+
+  *) SECURITY: When installing Apache under root some files from htdocs/ and
+     icons/ are installed with the UID/GID of the user who rolled the Apache
+     tarball and not with the UID of root. When this UID is mapped to an
+     existing local user this user was able to modify the manual pages and
+     icons. [Ralf S. Engelschall] PR#3494
  
   *) Make generation of src/Configuration.apaci more robust: It failed to
      differenciate between modules when one module name was a postfix of
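Review bot: the new CHANGES entry names the UID/GID of the tarball roller as the problem but never says what the installation now does, and the Makefile.tmpl hunks in this patch only call chown root, so group ownership stays as extracted. Suggest adding a sentence that states the fix (files under htdocs/ and icons/ are chowned to root) and either dropping "/GID" or noting that the GID is left unchanged. The tense also shifts between "are installed" and "was able".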
Index: Makefile.tmpl
===================================================================
RCS file: /e/apache/REPOS/apache-1.3/Makefile.tmpl,v
retrieving revision 1.53
diff -u -r1.53 Makefile.tmpl
--- Makefile.tmpl	1998/12/05 21:10:40	1.53
+++ Makefile.tmpl	1998/12/06 15:52:55
@@ -364,6 +364,9 @@
 		(cd $(root)$(datadir)/htdocs/ && $(TAR) -xf -); \
 		find $(root)$(datadir)/htdocs/ -type d -exec chmod a+rx {} \; ; \
 		find $(root)$(datadir)/htdocs/ -type f -exec chmod a+r {} \; ; \
+		if [ ".`id | grep root`" = . ]; then \
+			find $(root)$(datadir)/htdocs/ -type f -exec chown root {} \; >/dev/null 2>&1;
\
+		fi; \
 	fi
 	-@if [ -f $(root)$(datadir)/cgi-bin/printenv ]; then \
 		echo "[PRESERVING EXISTING DATA SUBDIR: $(root)$(datadir)/cgi-bin/]"; \
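Review bot: the added test [ ".`id | grep root`" = . ] is true only when the output of id contains no "root", so the chown runs for non-root installers and is skipped when root installs, which is the case the CHANGES entry describes; the comparison should be != . Because the output goes to /dev/null, the failing chown in the non-root case is silent. Two smaller points on the same lines: grep root also matches any user or group name that merely contains "root", and find ... -type f leaves the extracted directories with the tarball UID, whose owner can still rename or replace files inside them.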
@@ -381,6 +384,9 @@
 	(cd $(root)$(datadir)/icons/ && $(TAR) -xf -); \
 	find $(root)$(datadir)/icons/ -type d -exec chmod a+rx {} \; ;\
 	find $(root)$(datadir)/icons/ -type f -exec chmod a+r {} \;
+	if [ ".`id | grep root`" = . ]; then \
+		find $(root)$(datadir)/icons/ -type f -exec chown root {} \; >/dev/null 2>&1;
\
+	fi; \
 	@echo "<=== [data]"
 
 #   create the initial configuration by providing default files
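Review bot: in the icons hunk the preceding chmod line ends with \; and no continuation, so the added if starts a new recipe line, and the trailing "fi; \" then joins the following @echo "<=== [data]" into the same shell command, where @echo is not a command the shell can run. Suggest ending the block with a plain "fi" and giving the if an @ prefix like the echo line, or continuing the chmod line with "; \" as the htdocs hunk does. The root test here has the same = versus != problem as in the htdocs hunk.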
