www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Scott Murdock <sc...@blairlake.com>
Subject general/4728: .htpasswd file can be wiped out if filesystem full
Date Wed, 14 Jul 1999 15:33:33 GMT

>Number:         4728
>Category:       general
>Synopsis:       .htpasswd file can be wiped out if filesystem full
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Wed Jul 14 08:40:01 PDT 1999
>Originator:     scott@blairlake.com
Linux 2.1.24 #129 Thu Jul 9 13:35:11 EST 1998 ppc unknown
If the .htpasswd file is on a filesystem that has become full, then if the "htpasswd" binary
is executed to add a new web user the existing data in ,htpasswd will be wiped out before
the binary realizes the filesystem is full and aborts with an error.
Fill the filesystem that ".htpasswd" sits on, then try to add a new username via the "htpassed"
Have the binary somehow test to see if it can completely write the new ".htpasswd" file before
it actually opens ".htpasswd" for writing.
[In order for any reply to be added to the PR database, you need]
[to include <apbugs@Apache.Org> in the Cc line and make sure the]
[subject line starts with the report component and number, with ]
[or without any 'Re:' prefixes (such as "general/1098:" or      ]
["Re: general/1098:").  If the subject doesn't match this       ]
[pattern, your message will be misfiled and ignored.  The       ]
["apbugs" address is not added to the Cc line of messages from  ]
[the database automatically because of the potential for mail   ]
[loops.  If you do not include this Cc, your reply may be ig-   ]
[nored unless you are responding to an explicit request from a  ]
[developer.  Reply only with text; DO NOT SEND ATTACHMENTS!     ]

View raw message