httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <ma...@worldgate.com>
Subject Re: [PATCH] SECURITY: UID of htdocs & icons data
Date Mon, 07 Dec 1998 02:57:40 GMT
On Sun, 6 Dec 1998, Ralf S. Engelschall wrote:

> 
> Here is a patch for PR#3494. Should we also do something for the GID? The
> problem is that we cannot know which GID exists for root? Ok, we can use the
> numerical GID 0 which on mostly all platform corresponds to root.  Ideas?
> 
>                                        Ralf S. Engelschall
>                                        rse@engelschall.com
>                                        www.engelschall.com
> 
> Index: src/CHANGES
> ===================================================================
> RCS file: /e/apache/REPOS/apache-1.3/src/CHANGES,v
> retrieving revision 1.1164
> diff -u -r1.1164 CHANGES
> --- src/CHANGES	1998/12/06 15:40:50	1.1164
> +++ src/CHANGES	1998/12/06 15:56:15
> @@ -1,4 +1,10 @@
>  Changes with Apache 1.3.4
> +
> +  *) SECURITY: When installing Apache under root some files from htdocs/ and
> +     icons/ are installed with the UID/GID of the user who rolled the Apache
> +     tarball and not with the UID of root. When this UID is mapped to an

Don't have a change message saying that things "are" done this way.  It is
quite confusing.  You need to say that they were done that way or
something about it being wrong.



Mime
View raw message