[prev in list] [next in list] [prev in thread] [next in thread] 

List:       apache-ssl
Subject:    Re: [apache-ssl] argh!
From:       Ben Laurie <ben () algroup ! co ! uk>
Date:       1999-11-29 18:35:39
[Download RAW message or body]

Taco IJsselmuiden wrote:
> 
> > >however, as i stated before, i NEED it to run as root.
> > >I just need to know how to compile apache 1.3.9 to run as root. Do you know
> > >at all?
> I'm no apache-expert, nor am i a C expert, but here's a small piece of
> http_core.c. It's line 1938-1952.

Right, which indicates that either Apache wasn't recompiled, or the
recompiled version is not what was being run.

Cheers,

Ben.

> 
> HTH,
> Taco.
> 
> ------------ use chainsaw here ------------------
> #if !defined (BIG_SECURITY_HOLE) && !defined (OS2)
>     if (cmd->server->server_uid == 0) {
>    fprintf(stderr,
>       "Error:\tApache has not been designed to serve pages while\n"
>       "\trunning as root.  There are known race conditions that\n"
>       "\twill allow any local user to read any file on the system.\n"
>       "\tIf you still desire to serve pages as root then\n"
>       "\tadd -DBIG_SECURITY_HOLE to the EXTRA_CFLAGS line in your\n"
>       "\tsrc/Configuration file and rebuild the server.  It is\n"
>       "\tstrongly suggested that you instead modify the User\n"
>       "\tdirective in your httpd.conf file to list a non-root\n"
>       "\tuser.\n");
>    exit (1);
>     }
> #endif
> ------------ use chainsaw here ------------------

--
http://www.apache-ssl.org/ben.html

"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
     - Indira Gandhi

[prev in list] [next in list] [prev in thread] [next in thread]