httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Greg Stein <gst...@lyra.org>
Subject Re: SDBM 2.0 'namespace protection'
Date Wed, 29 Nov 2000 17:52:10 GMT
On Wed, Nov 29, 2000 at 09:14:52AM -0800, William A. Rowe, Jr. wrote:
> Question...
> 
> I'm again jumping betwixt and between 1.3 and 2.0 - and have
> a really simple issue with SDBM...  why are we namespace
> protecting and modifing this code, given that we now have
> apu_dbm as a wrapper?

Because it is linked into the process, and the symbols are visible from
other things that get pulled into Apache.

We namespace protect everything that might be visible, whether it is
intended for use by other modules or not. Since the stuff goes into the same
process space as other, arbitrary code, we need to protect it (and protect
others from it).

> I'd like to see SDBM go back to a (relatively) pure and
> original implementation, and have our wrapper add any namespace
> protection and other features (pools, etc.)

There is no such thing as a "pure and original implementation." The code was
developed in the early 1990s, made bug free, and effectively abandoned to
the Public Domain.

I scrounged a copy from somewhere, integrated fixes from Perl, swapped fixes
with Ralf (he uses it in mod_ssl), brought the code up to ANSI standards
(you wouldn't believe some of the crap that was in there), and then APR-ized
it when it went into Apache 2.0 (to get portable file mgmt, portable file
locking, and the protection of pools for allocation).

I don't see any purpose served by losing any of those mods.

Cheers,
-g

-- 
Greg Stein, http://www.lyra.org/

Mime
View raw message