Bug 40950

Summary: add note to manpage that htpasswd/htdigest is not safe for setuid/sudo
Product: Apache httpd-2 Reporter: Thijs Kinkhorst <thijs>
Component: DocumentationAssignee: HTTP Server Documentation List <docs>
Status: RESOLVED FIXED    
Severity: normal    
Priority: P2    
Version: 2.2-HEAD   
Target Milestone: ---   
Hardware: Other   
OS: All   
Attachments: adjust xml text

Description Thijs Kinkhorst 2006-11-12 03:55:46 UTC 
Hi,

The source code for htpasswd/htdigest contains the following note:

> "NOTE! This program is not safe as a setuid executable!  Do not make it
> setuid!"

Since many users won't be browsing the source code, this should be added to the
"security considerations" of the respective man pages for those programs.

Thanks.
Comment 1 Thijs Kinkhorst 2006-11-12 04:12:06 UTC 
Created attachment 19115 [details]
adjust xml text
Comment 2 Nick Kew 2006-12-16 14:02:54 UTC 
Fixed in /trunk/ and 2.2.x - thanks