> Should be done or at least looked at before 1.2b7:
>
> * check into the patches in the FreeBSD port; the rlimit type thing
> could need to be fixed to work in 2.2 and 2.1. I think most of the
> other patches are silly.
FWIW - I think we need to look at using sysconf() for these rlimit
things. My familiarity with rlimit led me to make a wrong (less portable)
decision by using it for these things.
> * some better suexec docs would be really nice, detailing some of the
> security risks and compromises discussed
> Status: I think Randy said something about doing it at one point,
> but no one can write what I think should be there better
> than me, if I ever have time.
Actually, I think that Jason suggested that he might do this. Since I
did the first cut of these docs, it would probably be a better end
product if someone else took a pass at them.
> * suexec sets environ to local variable, possibly to overwrite
> memory by too many environ variables
>
> Status: Randy looking into it; perhaps calloc array
Currently testing some patches for this and the following.
> * suexec setuid() before directory checks for nfs mounted filesystems, PR#70
> Status: no patch yet
>
> * MAXPATHLEN undefined in suexec on some systems
> Status: Randy looking into it(?)
Does anyone else have a feel for whether PATH_MAX would be more portable?