httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dean Gaudet <dgau...@arctic.org>
Subject Re: [PATCH] remove bogus LockFile warning from docs
Date Mon, 22 Dec 1997 22:26:03 GMT
Um, sure if you're on a system that does intelligent things with O_CREAT |
O_EXCL and intervening symlinks.  I don't trust all systems to do that, so
this warning applies to some folks.  I think just putting a blanket
warning in there like this is better than us trying to compile/maintain a
list of systems that do the right thing.

DoS alone is a good enough reason for me. 

Dean

On Mon, 22 Dec 1997, Marc Slemko wrote:

> None of the issues with placement of the LockFile apply, so the below
> warning about the LockFile directive is not necessary.  The only risk is
> that someone else could create a file with that name and prevent the
> server from starting; well, a lot of files unless they can guess the pid.
> 
> Index: core.html
> ===================================================================
> RCS file: /export/home/cvs/apachen/htdocs/manual/mod/core.html,v
> retrieving revision 1.87
> diff -u -r1.87 core.html
> --- core.html	1997/12/14 01:04:56	1.87
> +++ core.html	1997/12/22 21:07:52
> @@ -1029,9 +1029,6 @@
>  must be stored on a local disk</b>.  The PID of the main
>  server process is automatically appended to the filename. <p>
>  
> -The LockFile is subject to the same warnings about log file placement and
> -<a href="../misc/security_tips.html#serverroot">security</a>.
> -
>  <P><HR>
>  
>  <h2><A name="maxclients">MaxClients directive</A></h2>
> 
> 


Mime
View raw message