Return-Path: 
 <new-httpd-return-5176-apmail-new-httpd-archive=apache.org@apache.org>
Delivered-To: apmail-new-httpd-archive@apache.org
Received: (qmail 68607 invoked by uid 500); 17 Jun 2000 07:05:05 -0000
Mailing-List: contact new-httpd-help@apache.org; run by ezmlm
Precedence: bulk
X-No-Archive: yes
Reply-To: new-httpd@apache.org
list-help: <mailto:new-httpd-help@apache.org>
list-unsubscribe: <mailto:new-httpd-unsubscribe@apache.org>
list-post: <mailto:new-httpd@apache.org>
Delivered-To: mailing list new-httpd@apache.org
Received: (qmail 68596 invoked from network); 17 Jun 2000 07:05:05 -0000
From: "William A. Rowe, Jr." <wrowe@lnd.com>
To: <new-httpd@apache.org>
Subject: RE: cvs commit: apache-1.3 STATUS
Date: Sat, 17 Jun 2000 02:04:57 -0500
Message-ID: <000401bfd82a$5bfb5fd0$345985d0@corecomm.net>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0
In-Reply-To: <20000617070205.68320.qmail@locus.apache.org>
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600
Importance: Normal
X-Spam-Rating: locus.apache.org 1.6.2 0/1000/N

> wrowe       00/06/17 00:02:05
> 
>   Modified:    .        STATUS
>   Log:
>     Not much left on this list :)
>   
>   Revision  Changes    Path
>   1.829     +5 -15     apache-1.3/STATUS
>   
>   Index: STATUS
>   ===================================================================
>        * Close the security hole in stat() by testing for anything other 
>            than conventional file-not-found, permission-denied errors and
>            rejecting the request then and there.  By rights, all of these 
>            cases aught to be Not Found, not Permission Denied, or maybe 500?

I'm lost.  Is anyone on the track for this fix?  I have the concept, but
don't really want to be the OGP for any further common code changes to the
1.3.13 tree... although I will test the heck out of whatever is proposed,
of course :)

Bill