httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lynn Winebarger <l...@freespeech.org>
Subject Re: Questions regarding viability of development plan
Date Mon, 18 Sep 2000 18:35:39 GMT
On Mon, 18 Sep 2000 rbb@covalent.net wrote:
> On Mon, 18 Sep 2000, Greg Ames wrote:
> > Lynn Winebarger wrote:
> > > 4) hack away at Apache to enable per virtual host user ids internally
> > > (requiring all process to either run as root with all attendant deadly
> > > hazards, or force processes to only deal with single vhost requests)
> > > [(5) Wait for Apache 2.0 to become stable?]
> > > 
> > 
> > Ryan, what about your perchild mpm?  Would that help here? 
> 
> That's option #5, wait for 2.0.
> 
    But the question is, which do you think will take longer; 2.0 to
become stable (and the mod_* interpreters to be ready for it, and
efficient enough to be useable), or to do 4 and a security audit
(including at least the more popular modules).  
    John Barret's comment leads me to think (a) I'm not the only one
wanting this feature/highly probably security hole, and (b) it's been
discussed before.  Maybe someone can point me to when one of those
discussions took place so I can look it up for the
(non-obvious/apache-specific) issues involved?

Lynn


Mime
View raw message