httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jason A. Dour" <...@bcc.louisville.edu>
Subject Re: Agenda for 1.2b7
Date Wed, 29 Jan 1997 15:27:39 GMT
-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 29 Jan 1997, Marc Slemko wrote:
>   * suexec sets environ to local variable, possibly to overwrite
>     memory by too many environ variables
> 
> 	status: Jason looking at it

	Fix is simple, I believe, and I will have a patch soon.  This will
also need to be patched in the server for safety since we pulled the code
directly from there...

>   * suexec setuid() before directory checks for nfs mounted filesystems, PR#70
>        Status: no patch yet

	This should be done for other reasons aside from NFS.  I've
reviewed this a little, and I might have a patch at the same time as the
patch for the environ stuff...

>   * suexec does not pass "foobar" as argv[1] when URL is /cgi/somecgi?foobar
>        Status: Jason reported

	This is fixed.  I've verified by fully testing b7 on my dev'able
site.  Yay.  It can be removed.  8)

Jason
# Jason A. Dour <jad@bcc.louisville.edu>                            1101
# Programmer Analyst II; Department of Radiation Oncology; Univ. of Lou.
# Finger for URLs, PGP public key, geek code, PJ Harvey info, et cetera.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMu9sbZo1JaC71RLxAQE17gP8C0BipMS0qTRWtsfqwy4Oq0EuF4oB8Xql
Telu1RhptImbum3zFT1HOxrDTGDblcAhxxjChzTu6DbM32PKxcDkgmDeS93ncgxf
icDYzd+a0KVUp+CBcIz+VVwBMNKNcj9936fps7TJSSWwhEa0yaQYLpi+x8W2vm/U
vpwtKoBz7V8=
=hrvA
-----END PGP SIGNATURE-----


Mime
View raw message