httpd-dev mailing list archives

From: Nick Kew <n...@webthing.com>
Subject: Re: Inclusion of mpm-itk into HEAD
Date: Mon, 25 Jun 2007 08:20:45 GMT

On Sun, 17 Jun 2007 21:47:33 +0200
"Steinar H. Gunderson" <sgunderson@bigfoot.com> wrote:


>  - mpm-itk is in production use at several sites -- for instance,

Isn't that also true of metux?

> Two main disadvantages should be noted:

Thanks for being clear about these up-front.

>  - setuid() happens after the request has been parsed, which means
> that the server runs as root up until that point. (However, on a
> system with capabilities, i.e. Linux 2.6, almost all superuser
> privileges are dropped, so you can't just load kernel code or
> whatever.)

That looks like a serious problem to me.

First there's the obvious issue of any bugs in the core code
(which includes yours - if it goes in) going nuclear by running
as root.

But secondly, it does the same for a lot of module code.  Any
module that runs a connection-level input filter, such as SSL,
a protocol module, or a bandwidth-shaping module, is going to
have code run as root.  That means a lot of existing third-party
code goes nuclear too.  Including it in the core dist makes a
huge target!  People get pwned, apache gets the blame.
For example, it looks a lot like a case of
	itk + slapper = remote root

>  - There is a performance drop from prefork, as each child is only
> serving one connection before it dies

So you've introduced something that looks much the same as the
traditional "CGI overhead", but applied it to every request instead
of just CGI?  How does it offer any advantage over CGI+suexec?
Not to mention its variants like fastcgi?

-- 
Nick Kew

Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
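
Added illustration, not part of the message above and not code from mpm-itk or httpd: a small audit that reads the effective uid and effective capability mask from text in Linux `/proc/<pid>/status` layout and reports what code running before the `setuid()` call could still do. The sample status text is constructed for the example, and the finding names and function names are the example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bit numbers as defined in <linux/capability.h>. */
enum { B_DAC_OVERRIDE = 1, B_DAC_READ_SEARCH = 2, B_SETGID = 6,
       B_SETUID = 7, B_SYS_MODULE = 16 };
/* Findings returned by audit_status() (names are this example's own). */
enum { RUNS_AS_ROOT = 1, CAN_LOAD_MODULES = 2, CAN_SWITCH_USER = 4,
       CAN_BYPASS_FILE_PERMS = 8 };

/* Constructed sample in /proc/<pid>/status layout; not captured from mpm-itk. */
static const char SAMPLE_STATUS[] =
    "Name:\thttpd\n"
    "Uid:\t0\t0\t0\t0\n"
    "CapPrm:\t00000000000000c4\n"
    "CapEff:\t00000000000000c4\n";

static int has(uint64_t mask, int bit) { return (int)((mask >> bit) & 1); }

/* Return a bitmask of findings for one status text, or -1 if unparsable. */
int audit_status(const char *text)
{
    const char *u = strstr(text, "\nUid:");
    const char *c = strstr(text, "\nCapEff:");
    unsigned ruid, euid;          /* Uid: line is real, effective, saved, fs */
    unsigned long long eff;
    int r = 0;

    if (!u || !c) return -1;
    if (sscanf(u, "\nUid: %u %u", &ruid, &euid) != 2) return -1;
    if (sscanf(c, "\nCapEff: %llx", &eff) != 1) return -1;

    if (euid == 0) r |= RUNS_AS_ROOT;            /* still owns root's files */
    if (has(eff, B_SYS_MODULE)) r |= CAN_LOAD_MODULES;
    if (has(eff, B_SETUID) || has(eff, B_SETGID)) r |= CAN_SWITCH_USER;
    if (has(eff, B_DAC_OVERRIDE) || has(eff, B_DAC_READ_SEARCH))
        r |= CAN_BYPASS_FILE_PERMS;              /* DAC checks on files skipped */
    return r;
}

int main(void)
{
    int r = audit_status(SAMPLE_STATUS);
    if (r < 0) return 1;
    printf("root=%d modules=%d switch_user=%d bypass_file_perms=%d\n",
           !!(r & RUNS_AS_ROOT), !!(r & CAN_LOAD_MODULES),
           !!(r & CAN_SWITCH_USER), !!(r & CAN_BYPASS_FILE_PERMS));
    return 0;
}
```

For the constructed mask, module loading is reported as unavailable while the process is still euid 0 and can still change to any uid or gid, which is why both posters' statements can hold at once.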
