40950 – add note to manpage that htpasswd/htdigest is not safe for setuid/sudo

Bug 40950 - add note to manpage that htpasswd/htdigest is not safe for setuid/sudo

Summary: add note to manpage that htpasswd/htdigest is not safe for setuid/sudo

Status:	RESOLVED FIXED

Alias:	None

Product:	Apache httpd-2
Classification:	Unclassified
Component:	Documentation (show other bugs)
Version:	2.2-HEAD
Hardware:	Other All

Importance:	P2 normal (vote)
Target Milestone:	---
Assignee:	HTTP Server Documentation List

URL:
Keywords:

Depends on:
Blocks:

Reported:	2006-11-12 03:55 UTC by Thijs Kinkhorst
Modified:	2006-12-16 14:02 UTC (History)
CC List:	0 users

Attachments
adjust xml text (1.05 KB, patch) 2006-11-12 04:12 UTC, Thijs Kinkhorst	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thijs Kinkhorst 2006-11-12 03:55:46 UTC

Hi,

The source code for htpasswd/htdigest contains the following note:

> "NOTE! This program is not safe as a setuid executable!  Do not make it
> setuid!"

Since many users won't be browsing the source code, this should be added to the
"security considerations" of the respective man pages for those programs.

Thanks.

Comment 1 Thijs Kinkhorst 2006-11-12 04:12:06 UTC

Created attachment 19115 [details]
adjust xml text

Comment 2 Nick Kew 2006-12-16 14:02:54 UTC

Fixed in /trunk/ and 2.2.x - thanks