httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject Re: Deja vu
Date Wed, 03 Jan 2001 23:42:51 GMT

> > This needs to be VERY well documented if we are going to try to implement
> > it.  Basically, this means that suexec and userdir can't really be put
> > into the same server on a machine with a threaded MPM and without _r
> > functions.  Doing so will open a potential security whole.  Both userdir
> > and SuEXec use the C Run-Time functions to get information from the
> > password database, and if they happen to do so at the same time from the
> > same process, we have problems.
> So we should make that function exit with an error that indicates that
> it isn't threadsafe - which will ultimately cause (if they are correctly
> written) suexec and userdir to fail with an appopriate diagnostic,
> right?

Basically, yes.


Ryan Bloom               
406 29th St.
San Francisco, CA 94131

View raw message