Date: Fri, 9 Jan 2004 14:38:40 +0000
From: Joe Orton
To: dev@httpd.apache.org
Subject: Re: log_error_core escaping change broke things
Message-ID: <20040109143839.GA26868@redhat.com>

On Fri, Jan 09, 2004 at 03:32:29PM +0100, André Malo wrote:
> * Geoffrey Young wrote:
>
> > > However, is it wise to add a configure option for it?
> >
> > how do you mean? I was trying to make it just a compile time option,
> > similar to -DBIG_SECURITY_HOLE (which seems to me a bigger risk than
> > this).
> > do you mean to require users to change a define in the code itself?
>
> No no. I wanted to say "would it be wise, to add a configure option", such
> as --without-escaping-errorlog or so.

I don't think it's appropriate to add configure switches to turn off
security features: users may not understand the implications of the
switch if they just see it in the --help output.

  CFLAGS=-DUNSAFE_LOG_ESCAPING ./configure

is just as easy to document as

  ./configure --disable-errorlog-escaping

in any case.

Regards,

joe