httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From (Robert S. Thau)
Subject Re: CERTifiable nightmare
Date Mon, 13 Mar 1995 17:25:11 GMT
  Have we decided which 'fix' to use for this problem ?
  The CERT patch is a nightmare for a busy server without
  enormous amount of RAM to *waste*.

I thought there was a fairly clear consensus --- include all the
fixes for particular stack-scribbling problems (so far, the NCSA
fix, and drtr's similar fix for translate_name), and #ifdef the
CERT fix so those who want it, and can affort it, can have it
fairly easily.

(Apache-pre probably should have been done that way, but my focus
while I was building was more on making sure that my own patches
were ready for prime time, so I just applied every security patch
I had and left it there.  Hopefully, these awkwardnesses will go
away when Cliff produces the real release).


View raw message