Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 132876

Summary: net-www/pwauth has wrong uid hardcoded in
Product: Gentoo Linux Reporter: René Fleschenberg <rene>
Component: [OLD] ServerAssignee: Apache Team - Bugzilla Reports <apache-bugs>
Status: RESOLVED DUPLICATE    
Severity: major    
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description René Fleschenberg 2006-05-10 03:24:22 UTC 
As a security measure, net-www/pwauth checks the uid it is running as against a hardcoded value and returns an error if the uids do not match.

The uid in pwauth's config.h file supplied by upstream is 72. However, in a typical Gentoo scenario, pwauth will be run as uid 82 (apache). The ebuild fails to address this.

The ebuild should be updated to patch config.h to define SERVER_UID as 82.


The more general problem here is that pwauth compiles all of its configuration in for performance reasons, so there is no way to actually configure the program after it has been merged. As a result, the ebuild as it is is pretty much useless in many scenarios, since you need to compile the program by hand anyway if you want to configure it at all.

Maybe the ebuild could be changed somehow to address this. Some configuration options could be switched by USE flags. However, things like a list of uids that are allowed to use the program are difficult to control via USE flags, as far as I know.
Comment 1 René Fleschenberg 2006-05-10 03:27:48 UTC 
(In reply to comment #0)

> The ebuild should be updated to patch config.h to define SERVER_UID as 82.

Sorry, typo. apache's default uid is 81, not 82.
Comment 2 Benedikt Böhm (RETIRED) gentoo-dev 2006-06-05 12:18:18 UTC 
in cvs since forever..

*** This bug has been marked as a duplicate of 83957 ***