httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bill Stoddard <b...@wstoddard.com>
Subject Re: [PATCH] call hook from sig_coredump
Date Mon, 03 Mar 2003 19:14:29 GMT
William A. Rowe, Jr. wrote:
> At 12:30 PM 3/3/2003, Bill Stoddard wrote:
> 
>>Jeff Trawick wrote:
>>
>>>Justin Erenkrantz wrote:
>>>
>>>
>>>>--On Wednesday, February 19, 2003 2:12 PM -0500 Jeff Trawick
>>>>wrote:
>>>>
>>>>
>>>>>The attached patch changes sig_coredump to call a hook.  In the
>>>>>fullness of time, the ap_exception_info_t provided to the hook
>>>>>would contain any and all relevant information available to a
>>>>>signal/exception handler (e.g., siginfo_t on many Unix variants).
>>>>
>>>>
>>>>Here's a compromise that I'd be willing to accept: you have to explictly
>>>>enable this hook at configure-time.  Otherwise, this hook won't be
>>>>executed on a signal.
>>>
>>>Does anybody agree with Justin's compromise (i.e., if I put more effort into this
direction am I going to find out that somebody doesn't think the compromise is conservative
enough :) )?
>>
>>I don't like the idea of enabling this hook at configure time. Why not add the hook
and leave it to modules whether they want to use it or not?  
> 
> 
> Because it is a potential security hole?  The only individual who should 
> choose to expose or prevent the hole would be the administrator who 
> installs (and therefore probably built) Apache.

That same admin controls which modules are loaded as well.

> 
> 
>>I don't see the value in crufting up configure more that it already is.
> 
> 
> Can we piggy-back such features into a single --unwise-but-useful 
> configure option?

Obviously not. If it is -really- unwise, then we should just not do it. 
I see no evidence that is the case though. How, exactly, could this hook 
be remotely and uniquely exploited?

Bill


Mime
View raw message