* [Buildroot] [PATCH 1/1] Update Apache2 package
@ 2015-10-25 11:12 Geoffrey Ragot
2015-12-20 14:18 ` Thomas Petazzoni
0 siblings, 1 reply; 2+ messages in thread
From: Geoffrey Ragot @ 2015-10-25 11:12 UTC (permalink / raw)
To: buildroot
Currently, apache2 package does not allow
to use -DBIG_SECURITY_HOLE flag.
This flag allow httpd daemon to run as root.
It should be the responsability of the user
to take this decision.
This patch add an option to set this flag.
Previous behavior unchanged.
Signed-off-by: Geoffrey Ragot <geoffrey.ragot@gmail.com>
---
package/apache/Config.in | 5 +++++
package/apache/apache.mk | 4 ++++
2 files changed, 9 insertions(+)
diff --git a/package/apache/Config.in b/package/apache/Config.in
index 0814a17..ff0e822 100644
--- a/package/apache/Config.in
+++ b/package/apache/Config.in
@@ -17,3 +17,8 @@ config BR2_PACKAGE_APACHE
comment "apache needs a toolchain w/ dynamic library, threads"
depends on BR2_USE_MMU
depends on BR2_STATIC_LIBS || !BR2_TOOLCHAIN_HAS_THREADS
+
+if BR2_PACKAGE_APACHE
+config BR2_PACKAGE_APACHE_ALLOW_ROOT
+ bool "Allow apache running as root"
+endif
diff --git a/package/apache/apache.mk b/package/apache/apache.mk
index daf8fe2..2e935b5 100644
--- a/package/apache/apache.mk
+++ b/package/apache/apache.mk
@@ -35,6 +35,10 @@ APACHE_CONF_OPTS = \
--disable-lua \
--disable-luajit
+ifeq ($(BR2_PACKAGE_APACHE_ALLOW_ROOT),y)
+APACHE_CONF_OPTS += CFLAGS="$(TARGET_CFLAGS) -DBIG_SECURITY_HOLE"
+endif
+
ifeq ($(BR2_ARCH_HAS_ATOMICS),y)
APACHE_CONF_OPTS += --enable-nonportable-atomics=yes
endif
--
2.6.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* [Buildroot] [PATCH 1/1] Update Apache2 package
2015-10-25 11:12 [Buildroot] [PATCH 1/1] Update Apache2 package Geoffrey Ragot
@ 2015-12-20 14:18 ` Thomas Petazzoni
0 siblings, 0 replies; 2+ messages in thread
From: Thomas Petazzoni @ 2015-12-20 14:18 UTC (permalink / raw)
To: buildroot
Dear Geoffrey Ragot,
On Sun, 25 Oct 2015 12:12:53 +0100, Geoffrey Ragot wrote:
> Currently, apache2 package does not allow
> to use -DBIG_SECURITY_HOLE flag.
> This flag allow httpd daemon to run as root.
> It should be the responsability of the user
> to take this decision.
> This patch add an option to set this flag.
> Previous behavior unchanged.
>
> Signed-off-by: Geoffrey Ragot <geoffrey.ragot@gmail.com>
Thanks for your patch, and sorry for the slow response. However, we
believe that running a web server as root is really a bad idea. All our
other web servers (lighttpd, nginx, etc.) already default in Buildroot
to run as the www-data user. We don't think we should encourage users
to run apache as root.
For this reason, I've marked your patch as "Rejected" in our patch
tracking system. Of course, don't hesitate to get back to us if you
disagree with a good and valid use case for running apache as root :)
Thanks!
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2015-12-20 14:18 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-10-25 11:12 [Buildroot] [PATCH 1/1] Update Apache2 package Geoffrey Ragot
2015-12-20 14:18 ` Thomas Petazzoni
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.