httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Randy Terbush <ra...@zyzzyva.com>
Subject Re: Centralizing exec()
Date Fri, 12 Jul 1996 18:53:27 GMT
> Ooops... Randy, I was planning to look your patch over on the weekend,
> and may have some comments then.  Could you hold off in the meantime?
> Thanks.
> 
> rst

Sure. I don't think there is anything too controversial in this
step, but I'm sure it could use some guidance.

One thing about this change that I was kind of uncomfortable about
was the way I had to pass the retval back to the cgi_handler from
can_exec(). In the past, this check was called in cgi_handler only.
However, it makes more sense to add the security checks to this 
routine, and to call it for every exec() attempt as well. Alternative
methods welcome.







Mime
View raw message