httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From r..@covalent.net
Subject Re: Deja vu
Date Thu, 04 Jan 2001 16:14:26 GMT

> > > > This needs to be VERY well documented if we are going to try to implement
> > > > it.  Basically, this means that suexec and userdir can't really be put
> > > > into the same server on a machine with a threaded MPM and without _r
> > > > functions.  Doing so will open a potential security whole.  Both userdir
> > > > and SuEXec use the C Run-Time functions to get information from the
> > > > password database, and if they happen to do so at the same time from the
> > > > same process, we have problems.
> > >
> > > So we should make that function exit with an error that indicates that
> > > it isn't threadsafe - which will ultimately cause (if they are correctly
> > > written) suexec and userdir to fail with an appopriate diagnostic,
> > > right?
> > 
> > Basically, yes.
> 
> BTW, I don't understand why you are concerned with a collision between
> userdir and suexec and not collisions with themselves?

Because the mutex that we described would prevent collision with
themselves.  We said that we were going to put a mutex in apr_home_dir, to
lock other threads from calling it at the same time.  That works just
fine, but it doesn't protect the other functions in the C Run-Time that
use the password database.

I wanted a concrete example, and I believe that mod_userdir only calls
into that set of functions once, so it wasn't a good example IMO.

Ryan

_______________________________________________________________________________
Ryan Bloom                        	rbb@apache.org
406 29th St.
San Francisco, CA 94131
-------------------------------------------------------------------------------


Mime
View raw message