Mailing List Archive

Apache Bugfix: v0.8.14 was not running setuid properly (fwd)
Forwarded message:
> From rws@ukc.ac.uk Sat Sep 30 06:00:55 1995
> To: apache-bugs@apache.org
> Cc: ihc@ukc.ac.uk, djw2@ukc.ac.uk
> Subject: Apache Bugfix: v0.8.14 was not running setuid properly
> X-Address: Computing Laboratory, The University, Canterbury, Kent,
> X-Address: CT2 7NF, United Kingdom.
> X-Phone: +44 1227 764000 (x.3822)
> X-Url: http://alethea.ukc.ac.uk/wp?94rws
> Date: Sat, 30 Sep 1995 14:00:30 +0100
> Message-Id: <24370.812466030@cypress.ukc.ac.uk>
> From: Royston Shufflebotham <rws@ukc.ac.uk>
>
>
> There's a problem with the Apache server when running -setuid- root
> (i.e. real user not root). The tests for running as root in
> http_main.c check the real userid, not the effective userid.
>
> As such, if running euid root, all child processes stay euid root.. a
> slight security problem.
>
> Patch at the end of this email..
>
> Btw - it also corrects the style
> if (!geteuid())
> to
> if (geteuid()==0)
>
> It's a bit more explicit, and will (-should-!) compile to the same..
>
>
> ---->8-cut-here--->8---
> diff -cr apache_0.8.14/src/http_main.c apache_0.8.14.bugfixed/src/http_main.c
> *** apache_0.8.14/src/http_main.c Tue Sep 19 17:05:01 1995
> --- apache_0.8.14.bugfixed/src/http_main.c Sat Sep 30 13:45:32 1995
> ***************
> *** 590,596 ****
>
> static void set_group_privs()
> {
> ! if(!getuid()) {
> char *name;
>
> /* Get username if passed as a uid */
> --- 590,596 ----
>
> static void set_group_privs()
> {
> ! if(geteuid()==0) {
> char *name;
>
> /* Get username if passed as a uid */
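Review bot: In set_group_privs() the changed test now keys on the effective uid but carries no comment, unlike the "Only try to switch if we're running as root" comment on the matching test in the second hunk. A one-line comment above if(geteuid()==0) should say that the effective uid decides whether group privileges can be changed. The replaced line tested getuid(), so this is a behaviour change here, not only a style change.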
> ***************
> *** 743,749 ****
> reopen_scoreboard (pconf);
>
> /* Only try to switch if we're running as root */
> ! if(!getuid() && setuid(user_id) == -1) {
> log_error ("unable to change uid", server_conf);
> exit (1);
> }
> --- 743,749 ----
> reopen_scoreboard (pconf);
>
> /* Only try to switch if we're running as root */
> ! if((geteuid()==0) && setuid(user_id) == -1) {
> log_error ("unable to change uid", server_conf);
> exit (1);
> }
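Review bot: The changed if line now skips the switch whenever the effective uid is non-zero, which includes a process whose real uid is still 0, a state the old !getuid() test did attempt to switch from. Consider handling that state explicitly, for example by logging an error and exiting when getuid()==0 but geteuid()!=0. The comment above the test should also be updated to say "effective uid root" so that it matches the new condition.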
> ---->8-cut-here--->8---
>
>
> Regards,
> Royston Shufflebotham
>
> P.S. Could you please correct the mis-spelling of my Christian name in
> the Apache changelog? (and leave my surname spelt correctly!!) I've
> resisted the temptation of supplying a patch file for that.. :-)
>
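The real-versus-effective uid distinction described in the message above, as an added C example that is not part of the original post or of the Apache source. old_test and new_test mirror the two conditions in the patch; skipped_while_privileged, drop_privileges and the uid 1000 sample states are hypothetical names and constructed values.

```c
#define _DEFAULT_SOURCE 1   /* for setgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* The two root tests from the patch, as pure functions of (real, effective) uid. */
static int old_test(uid_t ruid, uid_t euid) { (void)euid; return ruid == 0; }
static int new_test(uid_t ruid, uid_t euid) { (void)ruid; return euid == 0; }

/* Hypothetical helper: 1 when the test skips the switch although one id is root. */
static int skipped_while_privileged(int (*test)(uid_t, uid_t), uid_t ruid, uid_t euid)
{
    return !test(ruid, euid) && (ruid == 0 || euid == 0);
}

/* Hypothetical helper: permanent drop to uid/gid.
 * Returns 0 if dropped or never privileged, -1 on any failure. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() != 0)
        return getuid() == 0 ? -1 : 0;     /* real-uid root without euid root: refuse */
    if (uid == 0)
        return -1;                         /* dropping "to root" is not a drop */
    if (setgroups(1, &gid) == -1)          /* supplementary groups first */
        return -1;
    if (setgid(gid) == -1 || setuid(uid) == -1)   /* group before user */
        return -1;
    /* Verify: both ids changed and root cannot be regained. */
    if (getuid() != uid || geteuid() != uid || setuid(0) == 0)
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed sample states: {real uid, effective uid}; 1000 is an arbitrary non-root id. */
    uid_t cases[][2] = { {0, 0}, {1000, 0}, {0, 1000}, {1000, 1000} };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("ruid=%u euid=%u  old skips root: %d  new skips root: %d\n",
               (unsigned)cases[i][0], (unsigned)cases[i][1],
               skipped_while_privileged(old_test, cases[i][0], cases[i][1]),
               skipped_while_privileged(new_test, cases[i][0], cases[i][1]));
    return 0;
}
```

The {1000, 0} row is the setuid-root case from the report: the old test leaves the child with effective uid 0, the new one switches.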