160202 – propose a new useflag: insecurecgi

Bug 160202 - propose a new useflag: insecurecgi

Summary: propose a new useflag: insecurecgi

Status:	RESOLVED WONTFIX

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	[OLD] Server (show other bugs)
Hardware:	All Linux

Importance:	High normal
Assignee:	Apache Team - Bugzilla Reports

URL:	hhttp://httpd.apache.org/dev/apidoc/a...
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2007-01-05 02:39 UTC by Thilo Bangert (RETIRED) (RETIRED)
Modified:	2007-01-15 23:23 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thilo Bangert (RETIRED) (RETIRED) gentoo-dev

2007-01-05 02:39:18 UTC

i may be missing something, but i found myself needing the following:

when running fastcgi applications, authorization data is only passed to the cgi application when SECURITY_HOLE_PASS_AUTHORIZATION is set.

the insecurecgi use flag could turn this on. like:

use insecurecgi && append-flags -DSECURITY_HOLE_PASS_AUTHORIZATION

feedback welcome.

Comment 1 Jakub Moc (RETIRED) gentoo-dev

2007-01-05 02:51:10 UTC

GAPING_SECURITY_HOLE would be a better flag for this, not that'd we need this flag  in apache either... Doesn't EXTRA_ECONF work if someone _really_ wants this? If not, maybe it should. :)

Comment 2 Luca Longinotti (RETIRED) gentoo-dev

2007-01-15 23:23:44 UTC

CFLAGS="-O2 -march=<yourarch> -pipe -DSECURITY_HOLE_PASS_AUTHORIZATION" CXXFLAGS="${CFLAGS}" emerge whatever ;)
Won't add this to the main apache ebuild, too little use and too much potential for doing silly things. ;)
Best regards, CHTEKK.