httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From r..@ai.mit.edu (Robert S. Thau)
Subject Re: known bugs
Date Tue, 22 Aug 1995 13:32:46 GMT
   Date: Tue, 22 Aug 95 18:00 BST
   From: drtr@ast.cam.ac.uk (David Robinson)
   Precedence: bulk
   Reply-To: new-httpd@hyperreal.com

   Here's my list of known and suspected bugs; could someone add these to the
   known bugs list?

I'm not sure "suspected" bugs belong on the known bugs list.  Most of
these look like reportable bugs (assuming they didn't just result from
someone misconfiguring the server), but a few are a bit off...

   4.  Symbolic-link testing should fail safely, instead of allowing access
       whenever it cannot lstat the file.

It must allow at least ENOTFOUND, or MultiViews is shot in directories
with FollowSymLinks disabled.

Is there an actual circumstance in which this causes access to be
inappropriately granted?  If not, then it isn't broke, and I'd prefer
not to fix it.

   6.  design error: sub_req_lookup_simple() assumes that if
       URL path /foo/baz corresponds to the file /a/b/c, then the
       URL path /foo/baz/./wom (= /foo/wom) will correspond to /a/b/wom
       This is incorrect if /foo/baz is an Alias, e.g.
       DocumentRoot /wibble
       Alias /foo/baz.shtml /a/b/c.shtml

       #include "wom"
       /foo/wom will be /wibble/foo/wom, not /a/b/wom

Sigh... sub_req_lookup_simple() exists to avoid the considerable
expense of a full access check in case you know you're looking up
something in the same directory --- this is for includes, directory
lists, and MultiViews.

This could be "fixed" by just deleting the call to
sub_req_lookup_simple from sub_req_lookup_virtual(), and making sure
that mod_dir uses sub_req_lookup_file() (so that it actually gets the
_simple() version --- for _file(), aliases don't matter and there is
no bug).

   9.  Server push doesn't work. (ciws)

Fixed as of 0.8.9, which had a patch from Rob H. diking out the Arena
bugfix workaround.

   13. Apache is not C++ conformant; it overloads struture element names with
       types, which C++ disallows (yuk).

Not a bug.

rst

Mime
View raw message