httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Clark <mich...@metaparadigm.com>
Subject Re: [RFC] Apache Privilege Separation for WebDAV (now against 2.2.6)
Date Tue, 11 Dec 2007 14:09:23 GMT
William A. Rowe, Jr. wrote:
> Michael Clark wrote:
>> Hi Folks,
>>
>> I posted a note about my privilege separation patches the other day
>> and received some good private help/feedback, and have now made the
>> patches a considerable amount more portable and they are using apr
>> much more extensively.
>
> Cool stuff!  I'll start reviewing this, and look at mod_privsep to solve
> the very same issue within mod_ftp.  But I won't have cycles till the
> holidays, so it will be some time.  And due to the security implications,
> I'm sure you are just as anxious to have some serious review of the
> proposed module before it's widely deployed, so I'd suggest we either
> hold off a bit on committing it until it's received sufficient eyeballs,
> or create a sandbox for its review.

Yes. I don't expect it will be ready for prime time for some time. I 
need to address some scalability issues (although the privsep process is 
single threaded this is mitigated by the fact that read/write IO is 
still all done in the workers - it is just the pam auth / stat / open / 
... load) - I would however like to look at making it more scalable.

We will have a production site doing user testing on this over the 
holidays and expect that it will have had some production load some time 
in mid to late January (a few hundred users). Yes, I would really 
appreciate the review - although there is no hurry.

> If you don't have a CLA on file, please file one so your contribution
> can be considered?  http://www.apache.org/licenses/#clas
> Although "your" name's on file, there's an email mismatch, and I suspect
> with 1500 folks, that is possibly a name clash (middle initial might be
> helpful for the record).

It is another Michael Clark as I haven't filed one - very common name. 
I'll fax one through in due course.

Thanks much,
Michael.

Mime
View raw message