Return-Path:
Delivered-To: new-httpd-archive@hyperreal.org
Received: (qmail 11040 invoked by uid 6000); 25 May 1998 03:46:56 -0000
Received: (qmail 11031 invoked from network); 25 May 1998 03:46:54 -0000
Received: from ns2.remulak.net (HELO Mail.Golux.Com) (coar@198.115.138.27)
  by taz.hyperreal.org with SMTP; 25 May 1998 03:46:54 -0000
Received: (from coar@localhost) by Mail.Golux.Com (8.8.5/8.8.5) id XAA22977;
  Sun, 24 May 1998 23:45:22 -0400
Date: Sun, 24 May 1998 23:45:22 -0400
Message-Id: <199805250345.XAA22977@Mail.Golux.Com>
From: Rodent of Unusual Size
To: Apache HTTP developers
Subject: [STATUS] (apache-1.3) Sun May 24 23:45:19 EDT 1998
X-Note: This is an automated message.
Sender: new-httpd-owner@apache.org
Precedence: bulk
Reply-To: new-httpd@apache.org

Apache 1.3 STATUS:

Release:
    1.3.0: Shoot for May 19, 1998 Release! Brian to be RM, Jim will do announcements
    1.3b7: 1.3.0 release candidate for May 13th
    2.0  : In pre-alpha development, see apache-2.0 repository

FINAL RELEASE SHOWSTOPPERS:

WIN32 1.3 FINAL RELEASE SHOWSTOPPERS:

    * SECURITY: numerous uses of strcpy and strcat have potential
      for buffer overflow, someone should rewrite or verify
      they're safe

    * CGI: chdir() needs to be reinstated for CGI.

    * Child process: eliminate spawn_child() and spawn_child_err()
      which are unsafe in mod_rewrite.c

    * Win95: when authentication is required for directory /foobar/,
      direct access to /foobar/bletch is permitted. PR #2145

Documentation that needs writing:

    * Documentation for:
      1) htdocs/manual/sourcereorg.html and other files should mention
         new mod_so capabilities.
      2) windows.html should be cleaned up.

    * Need a document explaining mod_rewrite/"UseCanonicalName off" based
      virtualhosting. (If it exists already I can't find it easily.)

Available Patches:

    * Wilfredo Sanchez's port to Rhapsody 5.1 for 1.2.6 - forward port to 1.3?
      <199804182347.QAA05438@scv2.apple.com>

    * Ralf's "configure generates config.status":
      A tiny addition for the APACI configure script to provide an easy
      way (like GNU Autoconf) to re-create the configuration
      See: http://www.engelschall.com/sw/apache/ [configstatus]
      Status (for 1.3.1-dev): Ralf +1, Martin +1

    * Ralf's "...":
      This patch adds a useful ... section to the core module very
      similar to the existing ... sections. The intent is to provide
      _LOGICAL_ conditions based on arbitrary defined parameters. The
      parameters are specified on the "httpd" command line via -D options.
      See: http://www.engelschall.com/sw/apache/ [ifdefine]
      Status (for 1.3.1-dev): Ralf +1

    * Ralf's "substitute some more configuration parameters":
      This patch lets APACI's configure script determine more configuration
      parameters (Group, Port, ServerAdmin, ServerName) via some intelligent
      tests to remove some of the classical hurdles for new users when
      setting up Apache.
      See: http://www.engelschall.com/sw/apache/ [substconfparam]
      Status (for 1.3.1-dev): Ralf +1

    * Ralf's "command line option to do a config syntax check only":
      This patch adds a -t option to httpd which forces Apache to parse and
      check its configuration files but exit immediately after this step.
      It is useful for checking the syntax of the config files before doing
      a restart of a running server, especially from within cron jobs.
      There you must avoid a server going down just because of a recently
      introduced syntax error in one of the config files.
      See: http://www.engelschall.com/sw/apache/ [configcheckoption]
      Status (for 1.3.1-dev): Ralf +1

    * Ralf's "linking DSO modules against possible libraries from $(LIBS)":
      This patch is a first step for a more powerful and less restrictive
      DSO mechanism: We allow DSO modules to be linked against other DSO
      libraries when the system permits it.
      See: http://www.engelschall.com/sw/apache/ [libshlib]
      Status (for 1.3.1-dev): Ralf +1

In progress:

    * Ken's IndexFormat enhancement to mod_autoindex to allow
      CustomLog-like tailoring of directory listing formats

Needs patch:

    * get_path_info bug; ap_get_remote_host should be ap_vformatter instead.
      See:

    * uri issues
      - RFC2068 requires a server to recognize its own IP addr(s) in dot
        notation, we do this fine if the user follows the dns-caveats
        documentation... we should handle it in the case the user doesn't
        ever supply a dot-notation address.

    * Amdahl UTS 2.1.2
      Message-Id: <9801211635.ZM7239@ihgp1.ih.lucent.com>
      Message-Id: <199801220935.BAA13813@tiber.cisco.com>
      Jim: Sounded like the version of the OS that required the patches
           were WAY old and would bugger the newer versions... Not sure
           if we want to do that.

    * Problems dealing with .-rooted domain names such as "twinlark."
      versus "twinlark.arctic.org.". See the thread containing
      Message-ID: <19980203211817.06723@deejai.mch.sni.de> for more details.
      In particular this affects the correctness of the proxy and the
      vhost mechanism.

    * PR#1799: we need to add a "default" or "none" handler to deal with
      filenames such as foo.map.gif which aren't image maps, and shouldn't
      be considered such. See discussion in
      <34ED6E5A.29555AB8@Golux.Com> <34EECEB1.5AD015CF@Golux.Com>
      (feb98 archives)
      Jim: I thought that we decided "default", although Ken thought it ugly
      Ken: I just don't like using "Add" when reverting something; not a -1

    * proxy_*_canon routines use r->proxyreq incorrectly. See

    * LynxOS has system-level conf.h file
      Seems that Lynx has a system level conf.h file that ours overrules,
      so it doesn't compile correctly. To accommodate, we would need to
      rename our conf.h to something "safe". Possible choices:
        apconf.h :
        applatforms.h :
        apdefaults.h :
        apdefines.h :

Open issues:

    * Someone other than Dean has to do a security/correctness review on
      psprintf(), bprintf(), and ap_snprintf().
      In particular these routines do lots of fun pointer manipulations
      and such and possibly have overflow errors. The respective
      flush_funcs also need to be exercised.
        o Jim's looked over the ap_snprintf() stuff (the changes that Dean
          did to make thread-safe) and they look fine.
        o Laura La Gassa's looked over ap_vformatter & other related code
        o Martin did a "source review" as well.
        o Could still use 1 or 2 more sets of eyeballs.

    * Paul would like to see a 'gdbm' option because he uses it a lot.

    * Maybe a http_paths.h file? See
      +1: Brian, Paul, Ralf, Martin
      +0: Jim (not for 1.3.0)

    * Release builds: Should we provide Configuration or not?
      Should we 'make all suexec' in src/support?
      +1: Brian, Jim, Ken +1 (possible suexec path issue, though)

    * root's environment is inherited by the Apache server. Jim & Ken
      think we should recommend using 'env' to build the appropriate
      environment. Marc and Alexei don't see any big deal. Martin says
      that not every "env" has a -u flag.

    * Marc's socket options like source routing (kill them?)
      Marc, Martin say Yes

    * Ken's PR#1053: an error when accessing a negotiated document
      explicitly names the variant selected. Should it do so, or should
      the original URI be referenced?

    * Proposed API Changes:

      - r->content_language is for backwards compatibility... with modules
        that may not link any longer without some minor editing. The new
        field is r->content_languages. Heck it's not even mentioned in
        apache-devsite/mmn.txt when we got content_languages (note the s!).
        The proposal is to remove r->content_language:
        Status: Paul +1, Ralf +1, Ken +1

      - child_exit() is redundant, it can be implemented via cleanups. It
        is not "symmetric" in the sense that there is no exit API method
        to go along with the init() API method. There is no need for an
        exit method, there are already modules using cleanups to perform
        this (see mod_mmap_static, and mod_php3 for example).
        The proposal is to remove the child_exit() method and document
        cleanups as the method of handling this need.
        Status: Rasmus +1, Paul +1, Jim +1, Martin +1, Ralf +1, Ken +1

    * Should we re-enable nagle now that we're non-buffering CGIs?
      See various messages from Marc in March 98.

Win32 specific issues:

  In progress:

    * Ben's ASP work... All agree it sounds cool.

    * DDA's adding a tray application to the Windoze version for ease
      of status/management.
      <01BCDB29.2C04DEB0@caravan.individual.com>
      <01BCDB2A.F8C09010@caravan.individual.com>
      Status: Ken +1, Sameer +1, Martin +1, Ben +1 (as long as we get a
              single executable)
      Paul: No like Win95 specific stuff
      Ken: What's W95-specific about it?

  Help:

    * SECURITY: check if the magic con/aux/nul/etc names do anything
      really bad

    * chdir() for CGI scripts and mod_include #exec needs to be
      re-implemented now that CreateProcess is being used.

    * process/thread model
      - need dynamic thread creation/destruction, similar to
        Unix process model
      - can't use WaitForMultipleObjects in the same way we do now,
        since that has a limit of 64(!) objects. Grr. PR#1665

    * some errors printed by CGIs to stderr don't end up making it to
      the server log unless an extra debugging message is added after
      they run? (PR#1725 indicates this may not be just Win32)

    * handle bugs that make it pop up errors on console, ie. segv equiv?
      Can we do this? Need to make it robust.

    * install
      - make installshield work
      - config in cvs tree?
      - install docs, etc.?
      - location for install

    * the mutex should be critical-regions, since the current design is
      creating a mess of SO calls that are unnecessary

    * we don't mmap on NT. Use TransmitFile?

    * CGIs
      - docs on how they work w/scripts
      - use registry to find interpreter?
      - WTF is the buffering coming from?
      - we don't have a way to make non-blocking files on NT!
    * performance

    * documentation:
      - running the server without admin
      - how CGIs work
      - update README.NT
      - short/long name handling
      - better status page on current state of NT for users

    * http_main.c hell - split into two files?

    * who should run the service? Who exactly is the "system account"?
      docs say:

          Localsystem is a very privileged account locally, so you
          shouldn't run any shareware applications there. However, it
          has no network privileges and cannot leave the machine via any
          NT-secured mechanism, including file system, named pipes, DCOM,
          or secure RPC.

      and:

          A service that runs in the context of the LocalSystem account
          inherits the security context of the SCM. It is not associated
          with any logged-on user account and does not have credentials
          (domain name, user name, and password) to be used for
          verification. This has several implications:
          [... removed ...]

      That _really_ sucks. Can we recommend running Apache as some
      other user?

    * need a crypt() of some sort.
      - sources are easy; problem is export restrictions on DES
      - if we don't do DES, can do md5

    * modules that need to be made to work on win32
      - mod_example isn't multithreaded
      - mod_unique_id (needs mt changes)
      - mod_auth_db.c (do we want to even try this? We should have some
        db of some sort... what else can we pick from under win32?)
      - mod_auth_dbm.c
      - mod_info.c (PR re exporting symbols for it...)
      - mod_log_agent.c
      - mod_log_referer.c
      - mod_mime_magic.c (needs access to mod_mime API stage...)

    * do something to disable bogus warnings

    * rfc1413.c has static storage which won't work multithreaded

    * mod_include --> exec cgi, exec cmd, etc. don't work right. Looks
      like a code path that isn't run anywhere else that has something
      not quite right... A PR or two on it.

    * signal type handling
      - how to rotate logs from command line?

    * Currently if you double click on the conf files or the log files
      you get a useless dialog offering the set of all executables,
      usually after a very long pause.
      Ought to stuff .conf in the registry mapping it to text.

    * apparently either "BrowserMatch" or the "nokeepalive" variable
      cause instability - see PR#1729.

Delayed until after 1.3.0, unless someone happens to get to it:

    * Arnt Gulbrandsen 03 Apr 1998 21:28:17 +0200
      mod_usertrack.c patch:
      The patch provides per-domain cookies (which I use to share
      user-ids among the *.troll.no web servers) and configurable cookie
      names. It also marginally increases the efficiency of Apache when
      the server runs with DNS lookups turned off.
      Update: Dean found one part of the patch unacceptable, Arnt is in
      the process of updating it.

    * TZ should not be dealt with specially any longer now that we have
      "PassEnv". See
      Jim: IMO it's too late in the game for this... I'm sure this would
           cause some strange bug reports as people's cgi-scripts no
           longer work correctly ("It worked just fine before I upgraded
           to 1.3.0") unless we warn people in big nasty letters to add
           PassEnv TZ to their config files "just in case" and hope they
           do it :)

    * proxy module doesn't load on Win95. Why? Good question. PR#1462.

    * In ap_bclose() there's no test that (fb->fd != -1) -- so it's
      possible that it'll do something completely bogus when it's used
      for read-only things. - Dean Gaudet

    * ap_pcfg_openfile doesn't use pfopen() to open the file. Consider
      .htaccess parsing, if a timeout occurs the file may not be closed.
      I can't imagine that a timeout would be set during this stage...
      but it'd probably be good to just clean this up. - Dean Gaudet

    * Okay, so our negotiation strategy needs a bit of refinement. See .
      In general, we need to go through and clean up the negotiation
      module to make it compliant with the final HTTP/1.1 draft, and at
      the very least we should make it more copacetic to the idea of
      transferring gzipped variants of files when both variants exist on
      the server.

    * Roy's HTTP/1.1 Wishlist items:
      1) New status codes?
      2) Expect
      3) byte range error handling
      4) update the Accept-Encoding parser to allow q-values
      5) would be nice if the proxy used Via and Max-Forwards,
         even as HTTP/1.0

    * #ifdef __EMX__ --> #ifdef OS2.

    * use of spawnvp in uncompress_child in mod_mime_magic - doesn't
      use the new child_info structure, is this still safe? Needs to be
      looked at.

    * suexec doesn't understand argv parameters; e.g. fails even when
      "ls" is in the same directory because suexec is trying to stat a
      file called "ls -l". A patch for this is available at
      http://www.xnet.com/~emarshal/suexec.diff
      and it's not bad except that it doesn't handle programs with spaces
      in the filename (think win32, or samba-mounted filesystems). There
      are several PR's to this and I don't see for security reasons why
      we can't accommodate it, though it does add complexity to suexec.c.
      PR #1120
      Brian: +1