William A. Rowe, Jr. wrote:
> At 12:30 PM 3/3/2003, Bill Stoddard wrote:
>
>>Jeff Trawick wrote:
>>
>>>Justin Erenkrantz wrote:
>>>
>>>
>>>>--On Wednesday, February 19, 2003 2:12 PM -0500 Jeff Trawick
>>>>wrote:
>>>>
>>>>
>>>>>The attached patch changes sig_coredump to call a hook. In the
>>>>>fullness of time, the ap_exception_info_t provided to the hook
>>>>>would contain any and all relevant information available to a
>>>>>signal/exception handler (e.g., siginfo_t on many Unix variants).
>>>>
>>>>
>>>>Here's a compromise that I'd be willing to accept: you have to explictly
>>>>enable this hook at configure-time. Otherwise, this hook won't be
>>>>executed on a signal.
>>>
>>>Does anybody agree with Justin's compromise (i.e., if I put more effort into this
direction am I going to find out that somebody doesn't think the compromise is conservative
enough :) )?
>>
>>I don't like the idea of enabling this hook at configure time. Why not add the hook
and leave it to modules whether they want to use it or not?
>
>
> Because it is a potential security hole? The only individual who should
> choose to expose or prevent the hole would be the administrator who
> installs (and therefore probably built) Apache.
That same admin controls which modules are loaded as well.
>
>
>>I don't see the value in crufting up configure more that it already is.
>
>
> Can we piggy-back such features into a single --unwise-but-useful
> configure option?
Obviously not. If it is -really- unwise, then we should just not do it.
I see no evidence that is the case though. How, exactly, could this hook
be remotely and uniquely exploited?
Bill
|