httpd-apreq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Schaefer <joe+gm...@sunstarsys.com>
Subject Re: [apreq-2] $upload->tempname on Win32
Date Mon, 05 Jul 2004 18:15:24 GMT
Joe Schaefer <joe+gmane@sunstarsys.com> writes:

[...]

> Keep in mind that apreq2 has no reason to assume whatever cleanup
> handlers we install will ever be run.  The server can abort prematurely
> on a signal, segfault, or an untrapped exception.  If we start leaving our
> tempfiles lying around whenever that happens, we create an opportunity
> for a DoS attack.

I just looked over apr's Unix implementation of APR_DELONCLOSE,
and it simply registers a pool cleanup handler that unlinks the 
file.  Only Win32's open() actually supports this on the OS-level.

So I'm +0 for dumbing down the Win32 port to Unix's level by removing 
that flag from apreq_file_mktemp and having it register a pool cleanup 
handler that unlinks the tempfile.

-- 
Joe Schaefer


Mime
View raw message