httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Greg Stein <>
Subject Re: Contributing Binary Distributions?
Date Thu, 01 Mar 2001 22:40:04 GMT
On Thu, Mar 01, 2001 at 02:47:33PM -0600, William A. Rowe, Jr. wrote:
> > If we expect more contributions like this, we might want to come up with
> > a way to contribute these.
> mod_dav anyone :-?

That would certainly be an excellent choice, without needing to open up FTP.
People can then use cadaver or Web Folders or what-have-you to upload

Do we have any process to check uploaded binaries, though? (regardless of
how they got there!) Consider that Apache is always started as root. What is
to prevent somebody from uploading a binary that grabs /etc/shadow and
/etc/passwd and mails them off somewhere? Now, every time somebody uses that

Personally, I'm almost of the mind that we only accept binaries from


Greg Stein,

View raw message