httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Laurie <...@algroup.co.uk>
Subject Re: Deja vu
Date Thu, 04 Jan 2001 20:05:53 GMT
rbb@covalent.net wrote:
> 
> > > > > This needs to be VERY well documented if we are going to try to implement
> > > > > it.  Basically, this means that suexec and userdir can't really be
put
> > > > > into the same server on a machine with a threaded MPM and without
_r
> > > > > functions.  Doing so will open a potential security whole.  Both
userdir
> > > > > and SuEXec use the C Run-Time functions to get information from the
> > > > > password database, and if they happen to do so at the same time from
the
> > > > > same process, we have problems.
> > > >
> > > > So we should make that function exit with an error that indicates that
> > > > it isn't threadsafe - which will ultimately cause (if they are correctly
> > > > written) suexec and userdir to fail with an appopriate diagnostic,
> > > > right?
> > >
> > > Basically, yes.
> >
> > BTW, I don't understand why you are concerned with a collision between
> > userdir and suexec and not collisions with themselves?
> 
> Because the mutex that we described would prevent collision with
> themselves.  We said that we were going to put a mutex in apr_home_dir, to
> lock other threads from calling it at the same time.  That works just
> fine, but it doesn't protect the other functions in the C Run-Time that
> use the password database.

I'm obviously missing something - why does it matter that two different
modules use apr_home_dir? Surely the fact that _anything_ threaded uses
it is enough to screw us?

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

Mime
View raw message