httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Douglass <miked...@staff.texas.net>
Subject Re: cvs commit: apache-1.3 STATUS
Date Mon, 04 May 1998 05:22:29 GMT
>   +    * The DoS issue about symlinks to /dev/zero is still present.
>   +      A device checker patch had been sent to the list a while ago.
>   +      Msg-Id: ?
>   +       Jim: Couldn't we just use stat() and check the file-type?
>   +            stats are expensive though...

I was just sitting here thinking of a way to handle this.  Instead of
trying to detect this information every time you transfer a file; how
about proceeding with the transfer as you do now, but after X bytes
being transfered stop and check the file.  If it's a regular file
keep going, otherwise end the current connection and log the item
with red flags.

Another interesting thought is to have this same logic add the filename
to a list of 'bad' filenames to compare against before transfering.  This
would mean that you would transfer X bytes of the device file once per
child; and then, from that point on, it would only log it in the errorlog.
The denying access could be handled by a module; but the transfer of the
file itself is in the core apache is it not?

Hrmm...  Anyone have any thoughts on a 'critical_log'?  Seems that the
'error_log' can get full of useless information.  Perhaps for 2.0?

Enjoy,

P.S.  Anyone going to Networld+Interop in Vegas?  I'd be more than
      interested in meeting some of you apache people.

-- 
Michael Douglass
Texas Networking, Inc.

  <msmith> it's raining...it's pouring...the old man...
  *** Describe: msmith shuts up now.

Mime
View raw message