httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Orton <>
Subject Re: svn commit: r773881 - in /httpd/httpd/branches/2.2.x: CHANGES STATUS include/http_core.h modules/filters/mod_include.c server/config.c server/core.c
Date Fri, 22 May 2009 16:26:07 GMT
On Thu, May 21, 2009 at 02:39:57PM -0400, Jeff Trawick wrote:
> On Wed, May 20, 2009 at 8:53 AM, Joe Orton <> wrote:
> > Given that the semantics of the options has changed, I don't think it's
> > worth changing httpd to maintain any pretence of compile-time or
> > run-time compatibility here.  Any code using the OPT_* constants as
> > exposed by mod_perl cannot work as expected any more.
> Is the change in semantics required to fix the bug, or is it simply the
> current implementation?

Attaching my original analysis for security@ which hopefully answers 
that question ;)

Having thought about this longer, I do agree that it would be reasonable 
to provide OPT_INCNOEXEC as a noop integer for back-compat, but, it 
turns out we're out of bits - allow_options_t is an unsigned char and 
we're using 2^0 through 2^7 already. :(

The only available option is to #define OPT_INCNOEXEC to some bogus 
string or something; not sure I like that much better than just a clean 

Worth noting: for any mod_perl-based code which tests only OPT_INCLUDE 
for "is SSI enabled", that will continue to be compatible with the new 
implementation, modulo mod_perl build failures.  The only issue is with 
code which needs to differentiate between SSI-with-exec and -without.

Regards, Joe

View raw message