httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Behlendorf <>
Subject backporting device-check to 1.2
Date Wed, 20 May 1998 09:50:52 GMT

>From CHANGES in 1.3:

  *) When opening "configuration" files (like httpd.conf, htaccess
     and htpasswd), Apache will not allow them to be non-/dev/null
     device files. This closes a DoS hole. At the same time,
     we use ap_pfopen to open these files to handle timeouts.
     [Jim Jagielski, Martin Kraemer]

Could one of you two backport this to 1.2, given it's sort of a security
patch?  Thanks.


View raw message