www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From nicholas berry <nbe...@corp.jps.net>
Subject config/5587: cannot run httpd as root
Date Fri, 14 Jan 2000 20:06:35 GMT

>Number:         5587
>Category:       config
>Synopsis:       cannot run httpd as root
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Fri Jan 14 12:10:00 PST 2000
>Closed-Date:
>Last-Modified:
>Originator:     nberry@corp.jps.net
>Release:        1.3.9
>Organization:
apache
>Environment:
BSD/OS corpweb8.jps.net 4.0.1 BSDI BSD/OS 4.0.1 Kernel #0: Fri Aug 20 19:55:58 PDT 1999  
  root@corpweb8.jps.net:/usr/src/sys/compile/LOCAL  i386
>Description:
Error:  Apache has not been designed to serve pages while
        running as root.  There are known race conditions that
        will allow any local user to read any file on the system.
        If you still desire to serve pages as root then
        add -DBIG_SECURITY_HOLE to the EXTRA_CFLAGS line in your
        src/Configuration file and rebuild the server.  It is
        strongly suggested that you instead modify the User
        directive in your httpd.conf file to list a non-root
        user.
/usr/local/apache/bin/apachectl start: httpd could not be started
>How-To-Repeat:
compile apache 1.3.9 and set the User to root and Group to wheel.
>Fix:
The directions given to get apache to compile with support for running as root does not work.
 what am I doing wrong?
>Release-Note:
>Audit-Trail:
>Unformatted:
 [In order for any reply to be added to the PR database, you need]
 [to include <apbugs@Apache.Org> in the Cc line and make sure the]
 [subject line starts with the report component and number, with ]
 [or without any 'Re:' prefixes (such as "general/1098:" or      ]
 ["Re: general/1098:").  If the subject doesn't match this       ]
 [pattern, your message will be misfiled and ignored.  The       ]
 ["apbugs" address is not added to the Cc line of messages from  ]
 [the database automatically because of the potential for mail   ]
 [loops.  If you do not include this Cc, your reply may be ig-   ]
 [nored unless you are responding to an explicit request from a  ]
 [developer.  Reply only with text; DO NOT SEND ATTACHMENTS!     ]
 
 


Mime
View raw message