httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Randy Terbush <>
Subject Re: 1.3 veto ?
Date Fri, 10 Jan 1997 05:56:08 GMT
> On Fri, 10 Jan 1997, Chuck Murcko wrote:
> > Right now, it almost seems like we're in beta burnout. Bug fixes aren't
> > getting voted on, and there's no clear deadline for even the next beta.
> > 1.2 feels like it's starting to dissipate. That needs to change.
> > We can set the stage for 2.0 well, if we get 1.2 back on track.
> Lets start with a list of security things that I think are
> outstanding:
> 	- suexec fixes; anyone have any patches started?

Yes, Jason has a set of patches for all but the enviro fix. I'm
trying to find some time to nuke that one in the next couple days.

> 	- suexec doc improvements; I will try to suggest a patch for
> 	  some of the stuff I think should be clarified if no one
> 	  else gets there first.  
> 	- logfile directory permissions warning; I sent off a
> 	  suggested docs patch but got no response.  If people don't
> 	  like it, that's cool; SAY SOMETHING.  This security risk
> 	  needs to be documented somehow.

As I remember, it was fine. Today's little email flurry has left it
a bit buried....

> 	- snprintf changes; still some discussion needed about
> 	  implementation, but I think most of that will come when a
> 	  patch is submitted for discussion.  I will try to do
> 	  something ASAP.

View raw message