httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jason A. Dour" <>
Subject Re: Oops explained
Date Wed, 10 Jul 1996 16:26:30 GMT

On Wed, 10 Jul 1996, Randy Terbush wrote:
> > As a matter of interest, what technique are you using in the end to soothe our
> > security fears?
. . .
> I'm sure that Jason will have some other things to add to this, and
> I prefer not to start that security debate all over again (yet). I think
> that Jason plans to have the per/UserDir stuff ready for presentation
> any day now. It would be relatively easy to provide a patch to centralize
> the exec code without enabling the wrapper aspect.

	UserDir (with some help from Randy on the internals) will be ready
for review anyday...I promise.  Soon, we'll have for your review suCGI
capabilities for VHosts and UserDirs.  At that point, the suCGI project
will be about 50% done by accomplishing 2 of its 4 goals.  The other two
are Directories and Locations. 

	In regards to the time Randy and I present it to the
group, I'll be providing a complete text of the logic for the code
involved with the setuid operations.  We've beefed up the paranoia pretty
well, IMHO, and I'm documenting everything we're checking as we go along. 

	I agree that we shoud centralize http_exec ASAP.  It will only
make all our lives easier.  8)  Randy, can you do that?

+ Jason A. Dour                            +
| Programmer Analyst II      |
| Dept. of Radiation Oncology         Finger for Geek Code, PGP Public Key,|
+ University of Louisville            PJ Harvey info, and other stuff...   +

Version: 2.6.2


View raw message