httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Jagielski <...@jaguNET.com>
Subject Re: OS Name in SERVER_VERSION (fwd)
Date Tue, 14 Apr 1998 02:17:32 GMT
Brian Behlendorf wrote:
> 
> At 09:54 PM 4/13/98 -0400, Jim Jagielski wrote:
> >Alexei Kosut wrote:
> >> 
> >> Yeah. I think the general consensus is that having the server return
> >> "Server: Apache/1.3.1
> Linux/0.9.4.to.exploit.follow.these.simple.steps.etc..."
> >> is a bad idea. But I can't really see any problems resulting from simply
> >> adding a "Unix" or "Win32" onto the end. Except, of course, that they do
> >> not fall into the token/token form prescribed by HTTP. (OS/Win32, OS/Unix  
> >> maybe, to make it more clear what's going on?)
> >> 
> >
> >Good point...
> 
> Win32/Intel, Win32/Alpha, Linux/Sparc, Solaris/Intel, maybe?  
> 

Well, besides the extra junk that we'd need to do determine all
those flavors, it opens us up again to the subject of OS-specific
security holes... OS/Unix is just vague enough to be usefull yet
clueless :) :)

Just MO.

-- 
===========================================================================
   Jim Jagielski   |||   jim@jaguNET.com   |||   http://www.jaguNET.com/
            "That's no ordinary rabbit... that's the most foul,
            cruel and bad-tempered rodent you ever laid eyes on"

Mime
View raw message