Mailing List Archive

cvs commit: apache/src CHANGES http_core.c
dgaudet 97/06/28 15:00:18

Modified: src Tag: APACHE_1_2_X CHANGES http_core.c
Log:
Whack people upside the head if they try to run apache as root.

Revision Changes Path
No revision


No revision


1.286.2.15 +4 -1 apache/src/CHANGES

Index: CHANGES
===================================================================
RCS file: /export/home/cvs/apache/src/CHANGES,v
retrieving revision 1.286.2.14
retrieving revision 1.286.2.15
diff -C3 -r1.286.2.14 -r1.286.2.15
*** CHANGES 1997/06/28 19:51:25 1.286.2.14
--- CHANGES 1997/06/28 22:00:15 1.286.2.15
***************
*** 13,22 ****
(headers, readmes, titles), mod_negotiation (type maps), or
mod_cern_meta (meta files). [Dean Gaudet]

*) CONFIG: "HostnameLookups" now defaults to off because it is far better
for the net if we require people that actually need this data to
enable it. [Linus Torvalds]
!
*) mod_include was not properly changing the current directory.
[Marc Slemko] PR#742

--- 13,25 ----
(headers, readmes, titles), mod_negotiation (type maps), or
mod_cern_meta (meta files). [Dean Gaudet]

+ *) SECURITY: Apache will refuse to run as "User root" unless
+ BIG_SECURITY_HOLE is defined at compile time. [Dean Gaudet]
+
*) CONFIG: "HostnameLookups" now defaults to off because it is far better
for the net if we require people that actually need this data to
enable it. [Linus Torvalds]
!
*) mod_include was not properly changing the current directory.
[Marc Slemko] PR#742
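
Review bot: The new SECURITY entry describes the refusal as applying to "User root", but the check added to http_core.c in this same commit tests cmd->server->server_uid == 0, so any User value that resolves to uid 0 is refused, not only the name root. Suggest wording the entry in terms of uid 0, with "User root" as the example. Separately, the line marked "!" after the HostnameLookups entry is empty in both the old and new versions, which looks like a whitespace-only change on a blank line; it could be left out of this commit.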




1.81.2.1 +15 -1 apache/src/http_core.c

Index: http_core.c
===================================================================
RCS file: /export/home/cvs/apache/src/http_core.c,v
retrieving revision 1.81
retrieving revision 1.81.2.1
diff -C3 -r1.81 -r1.81.2.1
*** http_core.c 1997/05/08 13:09:24 1.81
--- http_core.c 1997/06/28 22:00:16 1.81.2.1
***************
*** 886,894 ****
else {
cmd->server->server_uid = user_id;
fprintf(stderr,
! "Warning: User directive in <VirtualHost> requires SUEXEC wrapper.\n");
}
}

return NULL;
}
--- 886,908 ----
else {
cmd->server->server_uid = user_id;
fprintf(stderr,
! "Warning: User directive in <VirtualHost> "
! "requires SUEXEC wrapper.\n");
}
}
+ #if !defined (BIG_SECURITY_HOLE)
+ if (cmd->server->server_uid == 0) {
+ fprintf (stderr,
+ "Error:\tApache has not been designed to serve pages while running\n"
+ "\tas root. There are known race conditions that will allow any\n"
+ "\tlocal user to read any file on the system. Should you still\n"
+ "\tdesire to serve pages as root then add -DBIG_SECURITY_HOLE to\n"
+ "\tthe EXTRA_CFLAGS line in your src/Configuration file and rebuild\n"
+ "\tthe server. It is strongly suggested that you instead modify the\n"
+ "\tUser directive in your httpd.conf file to list a non-root user.\n");
+ exit (1);
+ }
+ #endif

return NULL;
}
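
Review bot: The new uid check at the end of the function calls exit (1) directly, while the function's visible normal path is return NULL, and the error text does not say which configuration file or line carried the offending User directive. If a non-NULL return from this function is how a directive error is reported, returning the message instead would let the caller attach that location and would keep process exit in one place; if exit is intended, consider adding the server or file context to the message. The escape hatch is compile-time only (-DBIG_SECURITY_HOLE), which fits the intent, and the CHANGES entry covers it. Style: fprintf (stderr, exit (1) and defined (BIG_SECURITY_HOLE) put a space before the parenthesis, unlike the fprintf(stderr, call a few lines above in the same function.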