httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Laurie <...@algroup.co.uk>
Subject Re: Deja vu
Date Thu, 04 Jan 2001 11:44:58 GMT
rbb@covalent.net wrote:
> 
> > > This needs to be VERY well documented if we are going to try to implement
> > > it.  Basically, this means that suexec and userdir can't really be put
> > > into the same server on a machine with a threaded MPM and without _r
> > > functions.  Doing so will open a potential security whole.  Both userdir
> > > and SuEXec use the C Run-Time functions to get information from the
> > > password database, and if they happen to do so at the same time from the
> > > same process, we have problems.
> >
> > So we should make that function exit with an error that indicates that
> > it isn't threadsafe - which will ultimately cause (if they are correctly
> > written) suexec and userdir to fail with an appopriate diagnostic,
> > right?
> 
> Basically, yes.

BTW, I don't understand why you are concerned with a collision between
userdir and suexec and not collisions with themselves?

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

Mime
View raw message