On Fri, May 22, 2009 at 5:10 PM, William A. Rowe, Jr. <firstname.lastname@example.org>
Jeff Trawick wrote:Hold on... I think this can still work;
> Backing up a bit...
> I originally thought we could map bit values in 2.2.x to avoid affecting
> modules, but that isn't possible since includes-with-exec is two bits
> instead of one.
* Retain new true 'Includes' bit as old IncludesNoExec macro value
Keep ancient Includes flag bit as 256, never true.
- all httpd modules testing for including but not executing
permission see the permission as allowed
- old httpd modules testing for includes with exec permission
see the permission as denied, until they update the module
- httpd modules which force/override the includes without exec
permission would still work
- httpd modules which force/override the includes exec behavior
would just fail to update anything (256 & 0xff == 00), so it
becomes a noop until they update the module
So it has no negative security consequences, still would require
an update to the rare module, but lets us ship something without
really nasty side effects.
I'll think harder about this once my latest proposal gets shot down ;)