httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Behlendorf <br...@organic.com>
Subject Re: SetUID once again
Date Mon, 25 Mar 1996 17:54:04 GMT
On Sun, 24 Mar 1996, Randy Terbush wrote:
> How about if the server refuses to execute anthing that is group
> or world writable? 

Nope, that would be unacceptible in our production environment.

> I understand your concern about multi-threading. As I read your
> comments, descriptor passing would work better?

In an ideal situation, it seems to me, you would have N (or more)
multithreaded but separate ("separate but equal"?) processes which map to the
N distinct UID's you want to use, with the "mother" process running as 
root as it does now.  If you had to support 500 different UID's and 
you're willing to give up performance in exchange for saving from having 
to support 500 simultaneous children, you could assign your 400 
least busy UID's to be forking processes off the mother (root) process.  

> The big problem with the DirUID patch that I submitted is that
> it does no checking of permissions of the directory. If the directory
> is writable by anyone other than the owner....

Isn't setting it to only obey access.conf settings just a change in the 
command table?

Also, why not recycle directives and thus allow the "User" command within 
<Directory> or <VirtualHost> containers?  

	Brian

--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
brian@organic.com  |  We're hiring!  http://www.organic.com/Home/Info/Jobs/


Mime
View raw message