ます’s Blog - どうでもいい記事100選

どうでもいい記事100選

-DBIG_SECURITY_HOLE

この -DBIG_SECURITY_HOLE というオプションですが。
そんなクレイジーなオプションあったんですね。。。root権限で動かそうと考えた事が無かったので全然知らねー。(w
ちょっとだけ中身を覗いてみます。

% grep -rn BIG_SECURITY_HOLE /usr/local/src/apache_1.3.39
/usr/local/src/apache_1.3.39/src/main/http_main.c:4227:#ifdef BIG_SECURITY_HOLE
/usr/local/src/apache_1.3.39/src/main/http_main.c:4228:    printf(" -D BIG_SECURITY_HOLE\n");
/usr/local/src/apache_1.3.39/src/main/http_core.c:2174:#if !defined (BIG_SECURITY_HOLE) && !defined (OS2)
/usr/local/src/apache_1.3.39/src/main/http_core.c:2181:         "\tadd -DBIG_SECURITY_HOLE to the EXTRA_CFLAGS line in your\n"
/usr/local/src/apache_1.3.39/src/CHANGES:7457:     BIG_SECURITY_HOLE is defined at compile time.  [Dean Gaudet]
% grep -rn BIG_SECURITY_HOLE /usr/local/src/httpd-2.0.61
/usr/local/src/httpd-2.0.61/server/mpm/experimental/perchild/perchild.c:1868:#ifndef BIG_SECURITY_HOLE
/usr/local/src/httpd-2.0.61/server/main.c:66:#ifdef BIG_SECURITY_HOLE
/usr/local/src/httpd-2.0.61/server/main.c:67:    printf(" -D BIG_SECURITY_HOLE\n");
/usr/local/src/httpd-2.0.61/os/unix/unixd.c:172:#if !defined (BIG_SECURITY_HOLE) && !defined (OS2)
/usr/local/src/httpd-2.0.61/os/unix/unixd.c:178:                "\tadd -DBIG_SECURITY_HOLE to the CFLAGS env variable\n"
% grep -rn BIG_SECURITY_HOLE /usr/local/src/httpd-2.2.6
/usr/local/src/httpd-2.2.6/modules/generators/mod_info.c:394:#ifdef BIG_SECURITY_HOLE
/usr/local/src/httpd-2.2.6/modules/generators/mod_info.c:395:    ap_rputs(" -D BIG_SECURITY_HOLE\n", r);
/usr/local/src/httpd-2.2.6/server/main.c:109:#ifdef BIG_SECURITY_HOLE
/usr/local/src/httpd-2.2.6/server/main.c:110:    printf(" -D BIG_SECURITY_HOLE\n");
/usr/local/src/httpd-2.2.6/os/unix/unixd.c:172:#if !defined (BIG_SECURITY_HOLE) && !defined (OS2)
/usr/local/src/httpd-2.2.6/os/unix/unixd.c:178:                "\tadd -DBIG_SECURITY_HOLE to the CFLAGS env variable\n"

% less -N /usr/local/src/apache_1.3.39/src/main/http_core.c

        〜 省略 〜

   2174 #if !defined (BIG_SECURITY_HOLE) && !defined (OS2)
   2175     if (cmd->server->server_uid == 0) {
   2176         fprintf(stderr,
   2177                 "Error:\tApache has not been designed to serve pages while\n"
   2178                 "\trunning as root.  There are known race conditions that\n"
   2179                 "\twill allow any local user to read any file on the system.\n"
   2180                 "\tIf you still desire to serve pages as root then\n"
   2181                 "\tadd -DBIG_SECURITY_HOLE to the EXTRA_CFLAGS line in your\n"
   2182                 "\tsrc/Configuration file and rebuild the server.  It is\n"
   2183                 "\tstrongly suggested that you instead modify the User\n"
   2184                 "\tdirective in your httpd.conf file to list a non-root\n"
   2185                 "\tuser.\n");
   2186         exit (1);
   2187     }
   2188 #endif

        〜 省略 〜

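なる程ねぇ。今更ながら勉強になりました。server_uid が 0(root)の場合、-DBIG_SECURITY_HOLE 付きでビルドしていない限り、このメッセージを出して exit(1) で止まる作りになっているわけですね。理由はメッセージにある通りで、root のままページを配信すると、ローカルユーザがシステム上の任意のファイルを読めてしまう競合状態が知られているからだそうです。ちなみに最初の grep 結果には、定義済みの場合に「 -D BIG_SECURITY_HOLE」と表示するコード(おそらく httpd -V のコンパイル設定表示、2.2 系では mod_info の出力にも)があるので、手元のバイナリがこのオプション付きでビルドされていないかはそこで確認できそうです。

「SECURITY_HOLE_PASS_AUTHORIZATION」なる定数も存在している模様。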

% grep -rn SECURITY_HOLE_PASS_AUTHORIZATION /usr/local/src/apache_1.3.39
/usr/local/src/apache_1.3.39/src/main/http_main.c:4230:#ifdef SECURITY_HOLE_PASS_AUTHORIZATION
/usr/local/src/apache_1.3.39/src/main/http_main.c:4231:    printf(" -D SECURITY_HOLE_PASS_AUTHORIZATION\n");
/usr/local/src/apache_1.3.39/src/main/util_script.c:196:#ifndef SECURITY_HOLE_PASS_AUTHORIZATION
/usr/local/src/apache_1.3.39/src/CHANGES:5969:  *) If you define SECURITY_HOLE_PASS_AUTHORIZATION then the Authorization
% grep -rn SECURITY_HOLE_PASS_AUTHORIZATION /usr/local/src/httpd-2.0.61
/usr/local/src/httpd-2.0.61/server/util_script.c:173:#ifndef SECURITY_HOLE_PASS_AUTHORIZATION
/usr/local/src/httpd-2.0.61/server/main.c:70:#ifdef SECURITY_HOLE_PASS_AUTHORIZATION
/usr/local/src/httpd-2.0.61/server/main.c:71:    printf(" -D SECURITY_HOLE_PASS_AUTHORIZATION\n");
% grep -rn SECURITY_HOLE_PASS_AUTHORIZATION /usr/local/src/httpd-2.2.6
/usr/local/src/httpd-2.2.6/modules/generators/mod_info.c:398:#ifdef SECURITY_HOLE_PASS_AUTHORIZATION
/usr/local/src/httpd-2.2.6/modules/generators/mod_info.c:399:    ap_rputs(" -D SECURITY_HOLE_PASS_AUTHORIZATION\n", r);
/usr/local/src/httpd-2.2.6/server/util_script.c:173:#ifndef SECURITY_HOLE_PASS_AUTHORIZATION
/usr/local/src/httpd-2.2.6/server/main.c:113:#ifdef SECURITY_HOLE_PASS_AUTHORIZATION
/usr/local/src/httpd-2.2.6/server/main.c:114:    printf(" -D SECURITY_HOLE_PASS_AUTHORIZATION\n");

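ただ、マニュアルを検索しても見つからねーっす。(--;
はてなブックマークで情報を発見できたのですが、危険という事で公式なマニュアルには含めていないのかな。。。
grep に出ている CHANGES の記述と util_script.c の #ifndef から察するに、Authorization ヘッダを CGI スクリプト側へ渡すようにするための定数のようです(未定義なら渡さない)。名前の通り、認証情報がスクリプトから見えてしまうので、定義してビルドするなら、そのサーバで動かすスクリプトを全て信頼できる場合だけにした方が無難でしょう。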