Summary: | add note to manpage that htpasswd/htdigest is not safe for setuid/sudo | ||
---|---|---|---|
Product: | Apache httpd-2 | Reporter: | Thijs Kinkhorst <thijs> |
Component: | Documentation | Assignee: | HTTP Server Documentation List <docs> |
Status: | RESOLVED FIXED | ||
Severity: | normal | ||
Priority: | P2 | ||
Version: | 2.2-HEAD | ||
Target Milestone: | --- | ||
Hardware: | Other | ||
OS: | All | ||
Attachments: | adjust xml text |
Created attachment 19115 [details]
adjust xml text
Fixed in /trunk/ and 2.2.x - thanks |
Hi, The source code for htpasswd/htdigest contains the following note: > "NOTE! This program is not safe as a setuid executable! Do not make it > setuid!" Since many users won't be browsing the source code, this should be added to the "security considerations" of the respective man pages for those programs. Thanks.