httpd-dev mailing list archives

From Randy Terbush <ra...@zyzzyva.com>
Subject Re: updated Agenda for 1.2b7
Date Fri, 07 Feb 1997 16:42:18 GMT

> Should be done or at least looked at before 1.2b7:
> 
>   * check into the patches in the FreeBSD port; the rlimit type thing
>     could need to be fixed to work in 2.2 and 2.1.  I think most of the
>     other patches are silly.

FWIW - I think we need to look at using sysconf() for these rlimit
things. My familiarity with rlimit led me to make a wrong (less portable)
decision by using it for these things.

>   * some better suexec docs would be really nice, detailing some of the
>     security risks and compromises discussed
> 	Status: I think Randy said something about doing it at one point,
> 		but no one can write what I think should be there better
> 		than me, if I ever have time.

Actually, I think that Jason suggested that he might do this. Since I
did the first cut of these docs, it would probably be a better end
product if someone else took a pass at them.

>   * suexec sets environ to local variable, possibly to overwrite
>     memory by too many environ variables
> 
> 	status: Randy looking into it; perhaps calloc array

Currently testing some patches for this and the following.

>   * suexec setuid() before directory checks for nfs mounted filesystems, PR#70
>        Status: no patch yet
> 
>   * MAXPATHLEN undefined in suexec on some systems
> 	Status: Randy looking into it(?)

Does anyone else have a feel for whether PATH_MAX would be more portable?
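
The agenda item above on suexec's environment array suggests a calloc'd array. As an added example (not suexec's code and not the patches under test in this message), here is one way to filter an environment into a heap array sized from the input rather than a fixed-size local. The allow-list and the function names are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical allow-list for this example, not suexec's own list. */
static const char *const safe_prefixes[] = { "PATH=", "TZ=", "HTTP_", NULL };

static int is_safe(const char *entry)
{
    for (size_t i = 0; safe_prefixes[i] != NULL; i++)
        if (strncmp(entry, safe_prefixes[i], strlen(safe_prefixes[i])) == 0)
            return 1;
    return 0;
}

/* Filter envp into a heap array sized from the input, so no number of
 * variables can write past its end. The result is NULL-terminated and
 * its strings still point into envp; the caller frees only the array.
 * Returns NULL on allocation failure; *kept gets the retained count. */
char **clean_env_copy(char *const envp[], size_t *kept)
{
    size_t n = 0, j = 0;
    while (envp[n] != NULL)
        n++;
    char **out = calloc(n + 1, sizeof *out);  /* n entries + NULL slot */
    if (out == NULL)
        return NULL;
    for (size_t i = 0; i < n; i++)
        if (is_safe(envp[i]))
            out[j++] = envp[i];
    out[j] = NULL;
    *kept = j;
    return out;
}

/* Constructed input: `total` entries, every other one allow-listed. */
size_t demo_kept(size_t total)
{
    size_t kept = 0;
    char **env = calloc(total + 1, sizeof *env);
    if (env == NULL)
        return 0;
    for (size_t i = 0; i < total; i++)
        env[i] = (i % 2 == 0) ? "HTTP_X=1" : "UNLISTED_VAR=1";
    char **out = clean_env_copy(env, &kept);
    free(out);
    free(env);
    return kept;
}
```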





