From Brian Behlendorf
Subject Showstoppers
Date Tue, 05 May 1998 23:43:11 GMT

So we are aiming to get a Release Candidate out on the 11th.  That's in 6
days.  We have six open issues to address.  That's only an issue a day!
More seriously, we (*everyone* on new-httpd) need to take a look at the
below issues and see if you can't help address them.  A few comments:

1) Ralf's DSO patch.  I think he understands this well enough that I don't
have a problem with him committing this, but if you have a strong feeling
on this section of code take a glance at it.

2) Security audit on psprintf(), bprintf(), and ap_snprintf(), their
flush_funcs, and on the Win32 code.  I will see if I can find resources
outside of the group to help with this, but there are others here in the group
who have done this before.

3) What does "magic con/aux/nul/etc names" mean?  Dean, you added this... I
didn't want to remove it from the showstopper list without knowing what you

4) the chdir() calls seem like they'd be easy to fix.

Thanks all.




    * Ralf's "[PATCH] Fix module execution order for DSO situation (take 2)":
      This is the final patch for 1.3b7 to make sure the module execution
      order is correct even when the DSO mechanism is used. This is mainly
      achieved by fixing the AddModule command.
      See: [dsoexecorder]
      Status: Ralf +1, Brian +1.

    * Someone other than Dean has to do a security/correctness review on
      psprintf(), bprintf(), and ap_snprintf().  In particular these routines
      do lots of fun pointer manipulations and such and possibly have overflow
      errors.  The respective flush_funcs also need to be exercised.
       o Jim's looked over the ap_snprintf() stuff (the changes that Dean
         did to make thread-safe) and they look fine.

    * The DoS issue about symlinks to /dev/zero is still present.
      A device checker patch had been sent to the list a while ago.
      PATCH: Make the code wrapped by unvoted_DISALLOW_DEVICE_ACCESS
             the default in ap_pcfg_openfile()
      Status: Martin +1, Jim +1


    * SECURITY: check if the magic con/aux/nul/etc names do anything
        really bad

    * SECURITY: numerous uses of strcpy and strcat have potential
        for buffer overflow, someone should rewrite or verify
        they're safe

    * bad use of chdir in some places; it isn't thread-specific
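
The device check named in the /dev/zero item above can be sketched as follows. This is an added example, not code from this message or from Apache: `open_regular_file` and `demo` are hypothetical names, the scratch paths are constructed, and it assumes a POSIX system.

```c
#define _XOPEN_SOURCE 700   /* for mkdtemp() and symlink() */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: returns a descriptor for a regular file, else -1. */
int open_regular_file(const char *path)
{
    struct stat st;
    /* O_NONBLOCK keeps open() from hanging if the path is a FIFO. */
    int fd = open(path, O_RDONLY | O_NONBLOCK);
    if (fd < 0)
        return -1;
    /* fstat() checks the object actually opened, i.e. the symlink's target. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        errno = EACCES;
        return -1;
    }
    return fd;
}

/* Constructed demo: returns 1 when only the regular file is accepted. */
int demo(void)
{
    char dir[] = "/tmp/cfgdemoXXXXXX", conf[64], lnk[64];
    if (mkdtemp(dir) == NULL)
        return 0;
    snprintf(conf, sizeof conf, "%s/sample.conf", dir);
    snprintf(lnk, sizeof lnk, "%s/zero.conf", dir);
    FILE *f = fopen(conf, "w");          /* empty but regular file */
    if (f != NULL) fclose(f);
    int made = f != NULL && symlink("/dev/zero", lnk) == 0;
    int ok_fd = open_regular_file(conf);
    int bad_fd = open_regular_file(lnk);
    if (ok_fd >= 0) close(ok_fd);
    if (bad_fd >= 0) close(bad_fd);
    unlink(conf); unlink(lnk); rmdir(dir);
    return made && ok_fd >= 0 && bad_fd == -1;
}

int main(void)
{
    puts(demo() ? "symlink to /dev/zero rejected" : "check failed");
    return 0;
}
```

Checking with fstat() after open(), rather than stat() before it, means the file type tested is that of the descriptor the reader will actually consume.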

