httpd-dev mailing list archives

From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject Re: [PATCH] call hook from sig_coredump
Date Mon, 03 Mar 2003 20:36:04 GMT
At 02:12 PM 3/3/2003, Justin Erenkrantz wrote:
>--On Monday, March 3, 2003 2:14 PM -0500 Bill Stoddard <bill@wstoddard.com> wrote:
>
>>Obviously not. If it is -really- unwise, then we should just not do it. I
>>see no evidence that is the case though. How, exactly, could this hook be
>>remotely and uniquely exploited?
>
>We need to keep our signal handling code to a minimum since we can make no assumptions
>about the system integrity once we enter such routines.  Allowing a hook to always be run
>by default seems like asking for trouble (because it'd be a global structure that might be
>susceptible to being maliciously overwritten).
>
>We've had strong recommendations from security types in the past to remove sig_coredump
>entirely.  -- justin

Maybe that's the answer.  One compile flag to eliminate the segv handler
altogether, along with the proposed hook, or keep segv handling along with
the hook.  --segv-handler=enable|disable  ???

No need for an in between 'one but not the other', at least I don't believe.

Bill 

