httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <wr...@lnd.com>
Subject RE: cvs commit: apache-1.3 STATUS
Date Sat, 17 Jun 2000 07:04:57 GMT
> wrowe       00/06/17 00:02:05
> 
>   Modified:    .        STATUS
>   Log:
>     Not much left on this list :)
>   
>   Revision  Changes    Path
>   1.829     +5 -15     apache-1.3/STATUS
>   
>   Index: STATUS
>   ===================================================================
>        * Close the security hole in stat() by testing for anything other 
>            than conventional file-not-found, permission-denied errors and
>            rejecting the request then and there.  By rights, all of these 
>            cases aught to be Not Found, not Permission Denied, or maybe 500?

I'm lost.  Is anyone on the track for this fix?  I have the concept, but
don't really want to be the OGP for any further common code changes to the
1.3.13 tree... although I will test the heck out of whatever is proposed,
of course :)

Bill

Mime
View raw message