Bug 45923 - htpasswd tries to open(file, O_RDONLY | O_APPEND)
Summary: htpasswd tries to open(file, O_RDONLY | O_APPEND)
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: support (show other bugs)
Version: 2.2.9
Hardware: All FreeBSD
: P2 normal (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Keywords: FixedInTrunk
Depends on:
Reported: 2008-09-30 23:32 UTC by Jun Kuriyama
Modified: 2018-03-12 22:17 UTC (History)
1 user (show)

Patch for support/htpasswd.c (595 bytes, patch)
2008-09-30 23:32 UTC, Jun Kuriyama
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Jun Kuriyama 2008-09-30 23:32:30 UTC
Created attachment 22657 [details]
Patch for support/htpasswd.c

In htpasswd.c, passwd file is checked for readable/writable via accessible() function.  Currently, open mode is APR_READ | APR_APPEND, and passed to apr_file_open() function.

In apr, apr_file_open() for unix converts this mode argument into fcntl.h's O_* flags.  As result, APR_READ | APR_APPEND will be converted to O_RDONLY | O_APPEND.

On FreeBSD 6.x, this call (open(O_RDONLY | O_APPEND)) is not so problem, but on FreeBSD 7.0, open(O_RDONLY | O_APPEND) for normal user's file without other writable permission by root priv fails with EACCES.

To solve this problem, attached patch should be applied.

Anyway, if read/write check is required, original APR_READ | APR_APPEND seems to be wrong.
Comment 1 Philp M. Gollucci 2009-01-18 16:19:16 UTC
CC myself on FreeBSD related bugs
Comment 2 Stefan Fritsch 2012-08-05 16:55:48 UTC
Comment 3 Rainer Jung 2012-08-21 15:53:04 UTC
Fixed in 2.4 with r1372373.
Released with 2.4.3.
Might get ported back to 2.2.
Comment 4 Christophe JAILLET 2018-03-12 22:17:56 UTC
Closing because 2.2 is EOL since 2017-07-11