httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alexei Kosut <ako...@organic.com>
Subject Re: WWW Form Bug Report: "srm.conf-dist has invalid Meta* lines" on Linux (fwd)
Date Thu, 13 Jun 1996 16:10:44 GMT
On Thu, 13 Jun 1996, Michael Douglass wrote:

> "Warning: srm.conf not found"
> 
> As an experienced operator of web servers, I would know this is a problem;
> but an inexperienced person (which there are alot of) would shrug his
> shoulders, yell to his buddies that it's running...  And he wouldn't
> realize until later that the srm.conf had some very important things in
> it that he had to have...

I agree. As well, the spelling issue *can* be deadly if unrecognized
directives are considered nonfatal. Options isn't a good one... what if
you mispell deny, and you end up letting everyone access your server?

My vote goes to rst's approach:

1) If you get an error in a <Directory> or <Location>, give a warning
on startup, then deny access to those files (like we do for .htaccess
files now).

2) If you get an error in a <VirtualHost>, give a warning on startup, then
deny access to that virtualhost entirely.

3) Any other error, kill the server.

This seems to me the best solution. It's completely safe, and it gives you
the ability to let owners of VirtualHosts have their own config files and
access to a setuid script to restart the server, and you can be confident
that they can't kill the whole thing by putting in a bad directive.

And it'd be a simple patch, too. Add an "invalid" member to server_rec and
core_dir_config, modify virtualhost_section(), dirsection() and
urlsection() to set it, then add checks to process_request_internal(),
directory_walk() and location_walk() that return SERVER_ERROR if it's
true.

For 1.2 perhaps. Let's get 1.1.0 released as soon as possible.

-- Alexei Kosut <akosut@organic.com> 
   http://www.nueva.pvt.k12.ca.us/~akosut/


Mime
View raw message