httpd-dev mailing list archives

From "Ralf S. Engelschall" <...@engelschall.com>
Subject Re: [PATCH] SECURITY: UID of htdocs & icons data
Date Sun, 06 Dec 1998 19:00:40 GMT

In article <19981206192922.A8413@engelschall.com> you wrote:

> In article <Pine.LNX.4.03.9812061219370.25675-100000@gaia.vr.net> you wrote:
>> On Sun, 6 Dec 1998, Ralf S. Engelschall wrote:

>>> +  *) SECURITY: When installing Apache under root some files from htdocs/ and
>>> +     icons/ are installed with the UID/GID of the user who rolled the Apache
>>> +     tarball and not with the UID of root. When this UID is mapped to an
>>> +     existing local user this user was able to modify the manual pages and
>>> +     icons. [Ralf S. Engelschall] PR#3494
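
Review bot: The CHANGES entry in these added lines describes the problem but never states what the change does about it. Add a closing clause saying how the install step now sets ownership of the htdocs/ and icons/ files. The tense also shifts from "are installed" to "was able"; keeping the description in one tense would read more cleanly.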

>> I fix this in the release tarballs I roll (for WU-FTPD, not Apache) by
>> rolling them _as_ root (dunno, never looked to see if tar has an option
>> for clearing the UID/GID in the tarball).  That way when un-tar'd by root
>> the UID and GID are root and when by anyone else they're the user's.  I
>> consider that a policy of 'least surprise'.  It always bothers me when, as
>> root, I un-tar a package and the files end up owned by some UID/GID which
>> doesn't even exist on my system or, worse yet, owned by one of my
>> customers.

>> Fixing this at install time is a fine backstop (yes, set the GID to 0) but
>> it should be fixed in the 'howto release'.

> Interesting solution. But currently those who roll the Apache tarballs
> have not root access on the machine they usually roll it. Nevertheless
> a good idea...

Hey, Gregory had a good idea (in a private mail to me): We can use a tool to
fix up the UID/GID in the generated tarball. This can be done without root
permissions. And there _IS_ already such a tarball post-processing tool:
Tardy. It can be found under ftp://ftp.agso.gov.au/pub/Aegis/. I already use
it for all my own distribution tarballs (ePerl, WML, mod_ssl) to fix up the
UID/GID. You just filter the tarball through it before compressing it
with gzip. For instance I use it for mod_ssl this way:

 tar cvf - .... |\
 tardy --user_number=1000  --user_name=rse \
       --group_number=1000 --group_name=mod_ssl |\
 gzip -9 ...

If Brian would install this little tool on taz.apache.org,
we could use it for fixing the tarball. I'm +1 on this idea.

                                       Ralf S. Engelschall
                                       rse@engelschall.com
                                       www.engelschall.com
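
The post-processing step described in this message, as an added example that is not part of the original mail and is not Tardy's code: a Python filter that rewrites the owner fields of every tar member, plus an audit that lists members still carrying another UID/GID. The function names, the constructed sample archive and the 0/root defaults are assumptions chosen for illustration.

```python
import io
import tarfile


def normalize_owner(tar_bytes, uid=0, gid=0, uname="root", gname="root"):
    """Return a copy of the archive with every member's owner fields rewritten."""
    out = io.BytesIO()
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:") as src, \
         tarfile.open(fileobj=out, mode="w:", format=tarfile.GNU_FORMAT) as dst:
        for member in src:
            member.uid, member.gid = uid, gid
            member.uname, member.gname = uname, gname
            # Only regular files carry a data payload to copy across.
            data = src.extractfile(member) if member.isreg() else None
            dst.addfile(member, data)
    return out.getvalue()


def audit_owners(tar_bytes, uid=0, gid=0):
    """List (name, uid, gid) for members whose numeric owner is not the expected one."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:") as tf:
        return [(m.name, m.uid, m.gid) for m in tf if (m.uid, m.gid) != (uid, gid)]


def build_sample():
    """Constructed sample: a tiny tree owned by the packager's account (uid/gid 1000)."""
    out = io.BytesIO()
    with tarfile.open(fileobj=out, mode="w:", format=tarfile.GNU_FORMAT) as tf:
        d = tarfile.TarInfo("htdocs")
        d.type, d.mode = tarfile.DIRTYPE, 0o755
        d.uid = d.gid = 1000
        d.uname, d.gname = "packager", "packager"
        tf.addfile(d)
        for name, body in (("htdocs/index.html", b"<html></html>\n"),
                           ("icons/blank.gif", b"GIF89a")):
            ti = tarfile.TarInfo(name)
            ti.size, ti.mode = len(body), 0o644
            ti.uid = ti.gid = 1000
            ti.uname, ti.gname = "packager", "packager"
            tf.addfile(ti, io.BytesIO(body))
    return out.getvalue()


if __name__ == "__main__":
    raw = build_sample()
    print("before:", audit_owners(raw))
    print("after: ", audit_owners(normalize_owner(raw)))
```

Running the audit on a release tarball before publishing catches the case from the CHANGES entry, where files extracted by root would otherwise take on the packager's numeric UID.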
