httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Kew <n...@webthing.com>
Subject Re: walk caching to avoid extra authnz
Date Wed, 06 Dec 2006 13:34:14 GMT
On Tue, 05 Dec 2006 17:06:16 -0800
Chris Darroch <chrisd@pearsoncmg.com> wrote:

> Hi --
> 
>    The short version of this email is, please, can people review
> this patch for server/request.c and see if it breaks anything?
> There are versions for trunk and 2.2.x.  Thanks in advance!
> 
> http://people.apache.org/~chrisd/patches/walk_cache/

On a quick look, I'm surprised the patches against trunk and 2.2.x
look so similar.

There's a comment in both 2.2.x and trunk, just at the start of your
patch, saying:

    /* Skip authn/authz if the parent or prior request passed the
authn/authz,
     * and that configuration didn't change (this requires optimized
_walk()
     * functions in map_to_storage that use the same merge results given
     * identical input.)  If the config changes, we must re-auth.
     */

which looks like exactly what your patch is doing.  WTF?

Second, there are substantial changes in directory_walk which I
would expect to affect this.  Did you observe the problem behaviour
in both 2.2.x and trunk?

>    So ... comments, criticisms?  What's the policy on changes like
> this going into trunk, if I don't hear much from anyone?

In this instance, we need to work through how this relates to
relevant updates leading to the CHANGES file entry:

     core: Do not allow internal redirects like the DirectoryIndex of
     mod_dir to circumvent the symbolic link checks imposed by
     FollowSymLinks and SymLinksIfOwnerMatch. [Nick Kew, Ruediger Pluem,
     William Rowe]

I'm struggling to find the relevant changes in SVN, and there are
no pointers in the relevant bug report PR#14206.

-- 
Nick Kew

Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/

Mime
View raw message