Return-Path: Delivered-To: apmail-httpd-dev-archive@www.apache.org Received: (qmail 99148 invoked from network); 4 Aug 2004 17:43:05 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur-2.apache.org with SMTP; 4 Aug 2004 17:43:04 -0000 Received: (qmail 42194 invoked by uid 500); 4 Aug 2004 15:27:16 -0000 Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 42106 invoked by uid 500); 4 Aug 2004 15:27:14 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: list-post: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 42088 invoked by uid 99); 4 Aug 2004 15:27:12 -0000 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests= X-Spam-Check-By: apache.org Received: from [196.30.143.210] (HELO gatekeeper.fma.co.za) (196.30.143.210) by apache.org (qpsmtpd/0.27.1) with ESMTP; Wed, 04 Aug 2004 08:27:10 -0700 Received: from localhost (localhost.localdomain [127.0.0.1]) by gatekeeper.fma.co.za (Postfix) with ESMTP id CA471346C5 for ; Wed, 4 Aug 2004 17:26:48 +0200 (SAST) Received: from gatekeeper.fma.co.za ([127.0.0.1]) by localhost (gatekeeper.fma.co.za [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 09866-02 for ; Wed, 4 Aug 2004 17:26:47 +0200 (SAST) Received: from [196.30.143.210] (gatekeeper.fma.co.za [196.30.143.210]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by gatekeeper.fma.co.za (Postfix) with ESMTP id C49E7346C3 for ; Wed, 4 Aug 2004 17:26:41 +0200 (SAST) Message-ID: <41110030.1030609@sharp.fm> Date: Wed, 04 Aug 2004 17:26:40 +0200 From: Graham Leggett User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7) Gecko/20040623 X-Accept-Language: en-za, en-us, en MIME-Version: 1.0 To: dev@httpd.apache.org Subject: Re: [PATCH] mod_disk cached fixed References: <4110DCFF.3010007@web.turner.com> In-Reply-To: <4110DCFF.3010007@web.turner.com> Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms050209060906090202020208" X-Virus-Scanned: by amavisd-new at fma.co.za X-Virus-Checked: Checked X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N This is a cryptographically signed message in MIME format. --------------ms050209060906090202020208 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Brian Akins wrote: > Sorry about this, but the last patch had a mistake in the writev How resilient is this to garbage data on the disk? A risk exists of somebody getting write access to the headers cache file, and then crafting a cache headers file which when read causes a takeover of the webserver. Just want to check that it's covered. Regards, Graham -- --------------ms050209060906090202020208 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIJGzCC AugwggJRoAMCAQICAwyZ8DANBgkqhkiG9w0BAQQFADBiMQswCQYDVQQGEwJaQTElMCMGA1UE ChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNv bmFsIEZyZWVtYWlsIElzc3VpbmcgQ0EwHhcNMDQwNjMwMTUxNjQ1WhcNMDUwNjMwMTUxNjQ1 WjBdMRAwDgYDVQQEEwdMZWdnZXR0MQ8wDQYDVQQqEwZHcmFoYW0xFzAVBgNVBAMTDkdyYWhh bSBMZWdnZXR0MR8wHQYJKoZIhvcNAQkBFhBtaW5mcmluQHNoYXJwLmZtMIIBIjANBgkqhkiG 9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwbwE90xkX5511UvMm4pwnFvv0nIIORsm+b+7Vgf04cob H+fQaDVSDgKfZBm4lgoKQtv/2N+jXxzKtubau6yNMYvN+7iVkQJuLIjpo4DQ2tb+hIvVsFvc WkkFpm2+a8lIop1grh2OVIfxHfI/3OA4LbX1Ryq2qAou7TzQh6Te8KjdSigbf1l2gAyCT4ex wLosSdHcTzv2WrYePJP107czC9gE237E68b+63Wmrc42Q4toz09XAaJnxebqSXWKhSx4h8cv 10hweAYXF5WiEUbINGoRD3V7pWRTbOBcz/oPpD8kh6kSu7iyDuchdOfIpy150ff/FCtI8h7f LEXnBvh16wIDAQABoy0wKzAbBgNVHREEFDASgRBtaW5mcmluQHNoYXJwLmZtMAwGA1UdEwEB /wQCMAAwDQYJKoZIhvcNAQEEBQADgYEAgTOjVmbVAi4gtKNhUI2UcMWE56z6nG7KxQZ2EmJS IDhXopbZsXtuOugBDxI1X49aqyQqOktHgWjiii/G0poKhNei3IrUuPB2bp9zo8MtiyB2brXg lvj5N90jsA94MEMtnDLcdlP4C+XkyzarbUAh9TJxxmleateHTyZWIOZcPR0wggLoMIICUaAD AgECAgMMmfAwDQYJKoZIhvcNAQEEBQAwYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0 ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVl bWFpbCBJc3N1aW5nIENBMB4XDTA0MDYzMDE1MTY0NVoXDTA1MDYzMDE1MTY0NVowXTEQMA4G A1UEBBMHTGVnZ2V0dDEPMA0GA1UEKhMGR3JhaGFtMRcwFQYDVQQDEw5HcmFoYW0gTGVnZ2V0 dDEfMB0GCSqGSIb3DQEJARYQbWluZnJpbkBzaGFycC5mbTCCASIwDQYJKoZIhvcNAQEBBQAD ggEPADCCAQoCggEBAMG8BPdMZF+eddVLzJuKcJxb79JyCDkbJvm/u1YH9OHKGx/n0Gg1Ug4C n2QZuJYKCkLb/9jfo18cyrbm2rusjTGLzfu4lZECbiyI6aOA0NrW/oSL1bBb3FpJBaZtvmvJ SKKdYK4djlSH8R3yP9zgOC219UcqtqgKLu080Iek3vCo3UooG39ZdoAMgk+HscC6LEnR3E87 9lq2HjyT9dO3MwvYBNt+xOvG/ut1pq3ONkOLaM9PVwGiZ8Xm6kl1ioUseIfHL9dIcHgGFxeV ohFGyDRqEQ91e6VkU2zgXM/6D6Q/JIepEru4sg7nIXTnyKctedH3/xQrSPIe3yxF5wb4desC AwEAAaMtMCswGwYDVR0RBBQwEoEQbWluZnJpbkBzaGFycC5mbTAMBgNVHRMBAf8EAjAAMA0G CSqGSIb3DQEBBAUAA4GBAIEzo1Zm1QIuILSjYVCNlHDFhOes+pxuysUGdhJiUiA4V6KW2bF7 bjroAQ8SNV+PWqskKjpLR4Fo4oovxtKaCoTXotyK1Ljwdm6fc6PDLYsgdm614Jb4+TfdI7AP eDBDLZwy3HZT+Avl5Ms2q21AIfUyccZpXmrXh08mViDmXD0dMIIDPzCCAqigAwIBAgIBDTAN BgkqhkiG9w0BAQUFADCB0TELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTES MBAGA1UEBxMJQ2FwZSBUb3duMRowGAYDVQQKExFUaGF3dGUgQ29uc3VsdGluZzEoMCYGA1UE CxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEkMCIGA1UEAxMbVGhhd3RlIFBl cnNvbmFsIEZyZWVtYWlsIENBMSswKQYJKoZIhvcNAQkBFhxwZXJzb25hbC1mcmVlbWFpbEB0 aGF3dGUuY29tMB4XDTAzMDcxNzAwMDAwMFoXDTEzMDcxNjIzNTk1OVowYjELMAkGA1UEBhMC WkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1Ro YXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GN ADCBiQKBgQDEpjxVc1X7TrnKmVoeaMB1BHCd3+n/ox7svc31W/Iadr1/DDph8r9RzgHU5VAK MNcCY1osiRVwjt3J8CuFWqo/cVbLrzwLB+fxH5E2JCoTzyvV84J3PQO+K/67GD4Hv0CAAmTX p6a7n2XRxSpUhQ9IBH+nttE8YQRAHmQZcmC3+wIDAQABo4GUMIGRMBIGA1UdEwEB/wQIMAYB Af8CAQAwQwYDVR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC50aGF3dGUuY29tL1RoYXd0ZVBl cnNvbmFsRnJlZW1haWxDQS5jcmwwCwYDVR0PBAQDAgEGMCkGA1UdEQQiMCCkHjAcMRowGAYD VQQDExFQcml2YXRlTGFiZWwyLTEzODANBgkqhkiG9w0BAQUFAAOBgQBIjNFQg+oLLswNo2as Zw9/r6y+whehQ5aUnX9MIbj4Nh+qLZ82L8D0HFAgk3A8/a3hYWLD2ToZfoSxmRsAxRoLgnSe JVCUYsfbJ3FXJY3dqZw5jowgT2Vfldr394fWxghOrvbqNOUQGls1TXfjViF4gtwhGTXeJLHT HUb/XV9lTzGCAzswggM3AgEBMGkwYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBD b25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFp bCBJc3N1aW5nIENBAgMMmfAwCQYFKw4DAhoFAKCCAacwGAYJKoZIhvcNAQkDMQsGCSqGSIb3 DQEHATAcBgkqhkiG9w0BCQUxDxcNMDQwODA0MTUyNjQwWjAjBgkqhkiG9w0BCQQxFgQUuPle 4ZbkFCMVmG6+m2aQwsIWrEIwUgYJKoZIhvcNAQkPMUUwQzAKBggqhkiG9w0DBzAOBggqhkiG 9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgweAYJKwYB BAGCNxAEMWswaTBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcg KFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3Vpbmcg Q0ECAwyZ8DB6BgsqhkiG9w0BCRACCzFroGkwYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRo YXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBG cmVlbWFpbCBJc3N1aW5nIENBAgMMmfAwDQYJKoZIhvcNAQEBBQAEggEAlGgemhuRsJeapghF bpiI0z47thAUiKsD4t2L4HwEk/5jOwldDC1oCBkapEla6KrF+h66FsH4BYWZJYbSH1Rl+NPy oF7cMYtHXhDIyz/1SxDsyIUmkgcsJ8V6jQE8T6ZzHl5WfpXejyiQF181JpORzkNc3jFZRkhp 0XGW3wdG/HEr530YQAOnsS4CpAANUhdzV0XwagWfBu7X/m5g4uEzEteIj7N7BK2McbZV3dth 90nqXCY/B5bt+oiMubiVKfFdo26XTyYio+fsd8eRcc1FQSLXcTsuUMILZT8Qpc66kcV/d6Lh 1DDrU2S37xY2jKA5vsoy+sX4DSSTJEf9T7tAGQAAAAAAAA== --------------ms050209060906090202020208--