httpd-dev mailing list archives

From Ruediger Pluem <rpl...@apache.org>
Subject Re: svn commit: r708935 - in /httpd/httpd/trunk: CHANGES modules/system/ modules/system/mod_unixd.c server/mpm/simple/simple_run.c
Date Wed, 29 Oct 2008 20:12:32 GMT


On 10/29/2008 05:41 PM, niq@apache.org wrote:
> Author: niq
> Date: Wed Oct 29 09:41:10 2008
> New Revision: 708935
> 
> URL: http://svn.apache.org/viewvc?rev=708935&view=rev
> Log:
> Introduce modules/system, and mod_unixd.c
> 
> mod_unixd.c is only os/unix/unixd.c, turned into a module.
> (or more accurately, an ugly hack).  Work in progress, and the
> old unixd will have to go once the module build stuff is in place.
> 
> This re-introduces some of the unixd stuff (set user, group and chroot)
> to mpm_simple, and should work equally well with existing MPMs.
> It also paves the way for alternative privilege management schemes,
> which can be implemented in alternative modules: this'll be
> necessary to run mpm_simple on non-unix-family platforms, and
> of interest for alternative Unix implementations.  By relegating
> everything to a child_init hook, we can mix-and-match, though
> we'll need to add a regime that prevents just going right ahead
> with nothing and running as root.
> 
> Round tuits permitting, we should be able to simplify unixd.h too,
> and look towards eliminating it.

Just a remark. In all current MPMs ap_run_child_init runs with the root
privileges already dropped. In the simple MPM this is now different in
general (we are running with root privileges here). But as mod_unixd
registers an APR_HOOK_FIRST hook this will not make a difference for
most modules as their child_init hooks are still run with the
privileges already dropped.

As said, just a remark and no comment, as I haven't made up my mind
so far if this is good or bad.

Regards

Rüdiger
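
The ordering point raised in this thread, as an added example that is not part of the original message or of httpd's code: a small C model that audits a child_init hook list for hooks that can run before the privilege-dropping hook, and for the case where no such hook is registered at all. Module names other than mod_unixd.c are hypothetical, the numeric values are those of APR's hook-order constants, and counting an equal order value as possibly privileged is a conservative assumption of this model.

```c
#include <stdio.h>
#include <string.h>

/* Numeric values of APR_HOOK_REALLY_FIRST/FIRST/MIDDLE/LAST (apr_hooks.h). */
enum { HOOK_REALLY_FIRST = -10, HOOK_FIRST = 0, HOOK_MIDDLE = 10, HOOK_LAST = 20 };

struct hook { const char *module; int order; };

/* Count child_init hooks that may still run as root: those ordered before
 * the privilege-dropping module, plus ties (conservative assumption: an
 * equal order value alone does not fix the relative position).
 * Returns -1 if no hook drops privileges at all. */
int hooks_before_drop(const struct hook *h, int n, const char *dropper,
                      const char **out, int max_out)
{
    int drop_order = 0, found = 0, count = 0;
    for (int i = 0; i < n; i++)
        if (strcmp(h[i].module, dropper) == 0) { drop_order = h[i].order; found = 1; }
    if (!found) return -1;               /* nothing ever drops root */
    for (int i = 0; i < n; i++) {
        if (strcmp(h[i].module, dropper) == 0) continue;
        if (h[i].order <= drop_order) {  /* earlier than, or tied with, the drop */
            if (count < max_out) out[count] = h[i].module;
            count++;
        }
    }
    return count;
}

/* Constructed registry; every name except mod_unixd.c is hypothetical. */
static const struct hook sample[] = {
    { "mod_unixd.c", HOOK_FIRST },
    { "mod_app.c",   HOOK_MIDDLE },
    { "mod_early.c", HOOK_REALLY_FIRST },
    { "mod_tie.c",   HOOK_FIRST },
    { "mod_late.c",  HOOK_LAST },
};
static const struct hook no_drop[] = { { "mod_app.c", HOOK_MIDDLE } };

int main(void) {
    const char *risky[8];
    int n = hooks_before_drop(sample, 5, "mod_unixd.c", risky, 8);
    for (int i = 0; i < n && i < 8; i++) printf("may run as root: %s\n", risky[i]);
    if (hooks_before_drop(no_drop, 1, "mod_unixd.c", risky, 8) < 0)
        printf("no privilege-dropping hook registered: child runs as root\n");
    return 0;
}
```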

