httpd-dev mailing list archives

From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject RE: [PATCH] 2.0 suexec again
Date Sat, 16 Sep 2000 02:05:40 GMT
> From: Manoj Kasichainula [mailto:manoj@io.com]
> Sent: Friday, August 25, 2000 4:50 AM
> 
> Reworked suexec for 2.0 is attached. 
> 
> - Desperately needs security auditing.
> 
> I'm still not inclined to commit this patch unless it gets a security
> audit from someone besides me. No suexec support is better than buggy
> suexec support.

I disagree, with a caveat,

I'd drop in a memo at the top of the file:

/* suexec audit status:  UNAUDITED
 * security confidence:  NONE
 */

That simple.  Ditto to the STATUS file.

It's an Alpha... and certainly not -complete- or -tested-.

If no one independently tests this, then back it out before beta 1...
otherwise they can build on your work.

It's a sandbox... use it :-)

[but feel free to ignore me if others strongly disagree]

I'm presuming you have broken nothing, of course ;-)

Bill
