NCSA 1.5a running as root bug & fix

NCSA 1.5a running as root bug & fix

Post by David Sh » Thu, 30 Nov 1995 04:00:00

Hi there,

I've found a rather interesting bug in the HTTPd version 1.5a under SunOS

I am in charge of managing the server, but I am NOT root.  To make life
easier, I have two programs (both setuid root) to start or restart the

When I put up the server by running the start program, my real uid is
my own, but my effective uid is root.  Unfortunately, the server only
checks _real_ uids before deciding if it will give up its root
priviledges or not.

Thus, if you start the server from a setuid starter program, you end up
with your server running setuid root.  Not a good thing.

To fix it, I replaced (in the httpd.c file) getuid with geteuid.


   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson


1. Running error of NCSA httpd-1.5a as root

I compiled and installed NCSA httpd-1.5a in my Solaris2,4 system, using
gcc-2.7.1. If I start it as a normal user, all are right. But if I try
to run it as root, I got th error message "Segmentation Fault- Core Dumped".
Who could help figure it out?

Sincerely, yours


Xinyang Shen

2. Creating NIS+ tables for AutoFS

3. NCSA 1.5a running as root on Linux 1.2.13?

4. Logitech Pilot Mouse - third button behaviour

5. Networking card MAC reads 5A:5A:5A:5A:5A

6. Unix Shell Variable Usage

7. NCSA 1.5a: Run-away child processes

8. How to set daylight savings time in Linux?

9. NCSA 1.5a & AIX 3.2.5 - Problem Resolved!

10. NCSA 1.5a & Linux 1.3.7x Problems

11. Linux & NCSA 1.5a SIGSEGV's

12. Solaris 2.5 & NCSA 1.5a (can't start more than 130 httpd's)

13. ncsa/apache httpd redirect bug/fix etc.