apr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Orton <jor...@redhat.com>
Subject Re: svn commit: r746589 - in /apr/apr/trunk: ./ include/ include/arch/unix/ include/arch/win32/ misc/unix/ misc/win32/ threadproc/beos/ threadproc/netware/ threadproc/os2/ threadproc/unix/ threadproc/win32/
Date Mon, 23 Feb 2009 11:37:56 GMT
On Sat, Feb 21, 2009 at 08:59:47PM -0000, Mladen Turk wrote:
> Author: mturk
> Date: Sat Feb 21 20:59:46 2009
> New Revision: 746589
> 
> URL: http://svn.apache.org/viewvc?rev=746589&view=rev
> Log:
> Add simple parent/child data exchange for APR processes

1) another addition to the procattr API which is entirely orthogonal to 
the API's purpose.  ick.

2) every apr_initialize() call for every app in the universe now tries 
to open some random file in /tmp regardless of whether they use this API

3) fundamental /tmp race (the temp file name is predictable and hence 
another local user could create the shm file and populate the data 
segment which would be picked up by the child) and hence is huge 
security hole

-1


Mime
View raw message