httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Randy Terbush <ra...@zyzzyva.com>
Subject mod_actions (patch and questions)
Date Fri, 15 Dec 1995 00:25:59 GMT
Just rolled in mod_actions and found a little bug if it is not
configured into the server configs.

Not sure if the Apache team wants to adopt and maintain this code,
or if the patch should go to the author. I think the author is in
the group.

As I understand this, is this the spot to put something like an
action for a CGI script (like cgi-wrapper etc.)?  Any comments on
other uses?

BTW - could someone in the know please take a look at the SetEUID
patch to see if we can spot a security problem here. This really
seems to me the kewl way to secure CGI, but I am not certain about
the impact on security WRT these seteuid calls.



*** mod_actions.c.orig	Thu Dec 14 18:07:00 1995
--- mod_actions.c	Thu Dec 14 18:06:30 1995
***************
*** 129,136 ****
      action_dir_config *conf =
        (action_dir_config *)get_module_config(r->per_dir_config, &action_module);
  
!     if (!strcmp(table_get(conf->action_types,  r->content_type), NULL))
!         return(DECLINED);
  
      if (r->finfo.st_mode == 0) {
          log_reason("File does not exist", r->filename, r);
--- 129,136 ----
      action_dir_config *conf =
        (action_dir_config *)get_module_config(r->per_dir_config, &action_module);
  
!     if ((table_get(conf->action_types, r->content_type)) == NULL)
!       return(DECLINED);
  
      if (r->finfo.st_mode == 0) {
          log_reason("File does not exist", r->filename, r);




Mime
View raw message