httpd-dev mailing list archives

From "William A. Rowe, Jr." <>
Subject RE: [PATCH] 2.0 suexec again
Date Sat, 16 Sep 2000 02:05:40 GMT
> From: Manoj Kasichainula []
> Sent: Friday, August 25, 2000 4:50 AM
> Reworked suexec for 2.0 is attached. 
> - Desperately needs security auditing.
> I'm still not inclined to commit this patch unless it gets a security
> audit from someone besides me. No suexec support is better than buggy
> suexec support.

I disagree, with a caveat,

I'd drop in a memo at the top of the file:

/* suexec audit status:  UNAUDITED
 * security confidence:  NONE

That simple.  Ditto to the STATUS file.

It's an Alpha... and certainly not -complete- or -tested-.

If no one independently tests this, then back it out before beta 1...
otherwise they can build on your work.

It's a sandbox... use it :-)

[but feel free to ignore me if others strongly disagree]

I'm presuming you have broken nothing, of course ;-)

