httpd-dev mailing list archives

From Randy Terbush <ra...@zyzzyva.com>
Subject Re: Countdown to 1.2b5
Date Fri, 24 Jan 1997 05:55:35 GMT
> On Thu, 23 Jan 1997, Roy T. Fielding wrote:
> 
> > Do we have a release manager?  Well, I'll at least get it started.
> > We already have too many fixes in 1.2b5 to wait too long, so I think
> > we should squeeze it out as soon as the last ready-and-needed patch
> > is applied.  That means
> 
> Agreed.  Hopefully we will be able to make b6 the last beta, but if we end
> up needing b7 due to changes we have to make for b6 and problems they
> cause then we end up needing b7.  <sigh>
> 
> > 
> >     RLimit bug fix
> >         Status: Patch supplied by Ed Korthof
> >         Votes : +1 Roy, ??(I know somebody else reviewed it)
> > 
> >     Security hole for long ////// URLs
> >         Status: No 1.2b4 patch yet.  This baby needs an owner.  Volunteers?
> 
> It is in the tree right now.  There have been various suggestions on ways
> to change it, but the only one I am really concerned with is the
> fact that if permission is denied for the index file it will log a
> message in the error log for each and every of the 'DirectoryIndex'es.
> Perhaps another ifdef wrapped if that doesn't log the message if
> the error is EACCES...
> 
> And as I mentioned before I hate the log message:
> 
>     log_printf(r->server, "access to %s failed for client; unable to determine if index file exists (stat() returned unexpected error[%d])", r->filename, errno);
> 
> that I wrote.  I do not have time to suggest a patch for this stuff
> tonight; I could tomorrow.
> 
> > 
> >     Parameter for sigaction call in http_main.c not being initialized
> >         Status: see PR#74 and 98 for patches from two different people.
> >                 It is possible that using both signal and sigaction is
> >                 a bad idea, but a larger change can wait.
> 
> there are two suexec ones (setuid() before directory checks for
> nfs mounted filesystems and adding TZ to the environment variables
> allowed) which would be good things to fix.
> 

I'll try to address these tomorrow.

The Rlimit change has my vote as well.

I have submitted a couple of other patches that probably need to
wait for the next beta in view of the load of stuff that is in
this one.




