httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <ma...@znep.com>
Subject Re: small security hole in accept_mutex_init
Date Sat, 28 Dec 1996 20:00:04 GMT
On Sat, 28 Dec 1996, Garey Smiley wrote:

> On Fri, 27 Dec 1996 18:47:38 -0500 (EST), Chuck Murcko wrote:
> 
> >I'm +1 for adding O_EXCL to the popenf() flags, unless someone knows of
> >an OS not supporting this. This should be in 1.2.
> >
> >Gary, what about OS/2? Is this copacetic there?
> >
> >Marc Slemko liltingly intones:
> >> 
> >> In http_main.c there is:
> >> 
> >> 	accept_mutex_init(pool *p)
> >> 	{
> >> 	    char lock_fname[30];
> >> 
> >> 	    strcpy(lock_fname, "/usr/tmp/htlock.XXXXXX");
> 
> If we can make the destination directory configurable for the above
> line it should work.

Shouldn't matter for OS/2, since accept_mutex_init will only be compiled
for systems matching one of: 

	#elif defined(SOLARIS2)
	#elif defined(IRIX)
	#elif defined(LINUX)
	#elif defined(SCO5)
	#elif defined(SVR4)
	#elif defined(DGUX)
	#elif defined(__FreeBSD__) || defined(__bsdi__)
	#elif defined(UXPDS)

Solaris 2.x, IRIX, Linux, FreeBSD, BSDI definitely support O_EXCL.  


Mime
View raw message