03-08-2008
sebastian nielsen

Problems with DBIG_SECURITY_HOLE.

I want some scripts to have root access. To accomplish that, I want to
run my Apache2 as root. Here is the result:

login as: root
root@192.168.2.100's password: root
Last login: Fri Mar 7 16:27:22 2008
Linux ubuntu 2.6.22-14-server #1 SMP Sun Oct 14 23:34:23 GMT 2007 i686

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
root@ubuntu:~# env CFLAGS="-DBIG_SECURITY_HOLE"
TERM=xterm
SHELL=/bin/bash
SSH_CLIENT=192.168.0.100 1298 22
SSH_TTY=/dev/pts/0
USER=root
LS_COLORS=no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:su=37;41:sg=30;43:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arj=01;31:*.taz=01;31:*.lzh=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.gz=01;31:*.bz2=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.jpg=01;35:*.jpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.avi=01;35:*.fli=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.flac=01;35:*.mp3=01;35:*.mpc=01;35:*.ogg=01;35:*.wav=01;35:
MAIL=/var/mail/root
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
PWD=/root
LANG=sv_SE.UTF-8
SHLVL=1
HOME=/root
LOGNAME=root
SSH_CONNECTION=192.168.0.100 1298 192.168.2.100 22
LESSOPEN=| /usr/bin/lesspipe %s
LESSCLOSE=/usr/bin/lesspipe %s %s
_=/usr/bin/env
CFLAGS=-DBIG_SECURITY_HOLE
root@ubuntu:~# apache2
Syntax error on line 125 of /etc/apache2/apache2.conf:
Error:
Apache has not been designed to serve pages while
running as root. There are known race conditions that
will allow any local user to read any file on the system.
If you still desire to serve pages as root then
add -DBIG_SECURITY_HOLE to the CFLAGS env variable
and then rebuild the server.
It is strongly suggested that you instead modify the User
directive in your httpd.conf file to list a non-root
user.
root@ubuntu:~#
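
The error text above names the User directive as the place to fix this. As an added example (not part of the original post and not Apache's own code), the following shell script checks a config file for a User directive that resolves to uid 0 before the server is started; the function names and the sample config are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-start check for an Apache "User" directive that is root.

# apache_run_user FILE -> prints the argument of the last active User directive
apache_run_user() {
    # Directive names are case-insensitive; "#User ..." and "# User ..." are
    # comments and never match because their first field is not "user".
    awk 'tolower($1) == "user" { u = $2; gsub(/"/, "", u) }
         END { if (u != "") print u }' "$1"
}

# user_is_root NAME -> exit 0 if NAME denotes uid 0
user_is_root() {
    case "$1" in
        '#'*) uid=${1#'#'} ;;                          # Apache's "#<uid>" form
        *)    uid=$(id -u "$1" 2>/dev/null) || return 1 ;;  # unknown name
    esac
    [ "$uid" -eq 0 ] 2>/dev/null
}

# check_apache_user FILE -> 0 = non-root, 1 = root, 2 = cannot tell from FILE
check_apache_user() {
    user=$(apache_run_user "$1")
    case "$user" in
        '')     return 2 ;;   # no User directive in this file
        *'${'*) return 2 ;;   # value comes from an environment variable
    esac
    if user_is_root "$user"; then return 1; fi
    return 0
}

# Constructed sample config (not the poster's apache2.conf).
sample=$(mktemp)
printf '%s\n' '# User www-data' 'ServerRoot "/etc/apache2"' 'User root' > "$sample"
check_apache_user "$sample" || echo "refusing to start: User check returned $?"
rm -f "$sample"
```

A status of 2 means the value is not visible in that file, for instance when it is written as an environment-variable reference, and has to be resolved before the check can decide.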