Return-Path: Delivered-To: apmail-httpd-dev-archive@www.apache.org Received: (qmail 80232 invoked from network); 25 May 2009 16:03:48 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 25 May 2009 16:03:48 -0000 Received: (qmail 97036 invoked by uid 500); 25 May 2009 16:04:00 -0000 Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 96958 invoked by uid 500); 25 May 2009 16:04:00 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 96948 invoked by uid 99); 25 May 2009 16:03:55 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 25 May 2009 16:03:55 +0000 X-ASF-Spam-Status: No, hits=2.2 required=10.0 tests=HTML_MESSAGE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of trawick@gmail.com designates 72.14.220.154 as permitted sender) Received: from [72.14.220.154] (HELO fg-out-1718.google.com) (72.14.220.154) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 25 May 2009 16:03:45 +0000 Received: by fg-out-1718.google.com with SMTP id 16so1183282fgg.17 for ; Mon, 25 May 2009 09:03:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:content-type; bh=h7hiK0o2CvwfgyY80/X3+s4kKl7Gq9IrMq8eVfHARhk=; b=F/NwX6tFVNQ6FFfcFzynWii1CN0A67iGGS8OPVkyxK8CwBjO68k6dphtTG/SQJ2Lye 6yMuWFq5gVZhbqhYHZBIcLVhw6IhgVt3r/RW20BP5QwRaFOcg2nrWap7ZGvGlX+CJwya 2jLe7WxO+zC+Rcm+dsRbvLDg6cmLFYOzpnC8U= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=WyRnl+tB+AIdqQrgh99JR4gJ0ASH8fSN8igzJ0dTvMjB5rYiNh0H4MyZrRXmmiui3o 0anaNRO5xT8yKTFYU6Hd10UbGO5ic4hbO5hRnTePb0xJaiw4YRKCV5tK1j2HDkg2fGPy e6b54sBWyZLGSpvSVmgM+MkDIHOQN9hs71aj4= MIME-Version: 1.0 Received: by 10.86.86.10 with SMTP id j10mr5866104fgb.37.1243267403797; Mon, 25 May 2009 09:03:23 -0700 (PDT) In-Reply-To: <20090525074547.GA4975@redhat.com> References: <20090525074547.GA4975@redhat.com> Date: Mon, 25 May 2009 12:03:23 -0400 Message-ID: Subject: Re: [concept PATCH] CVE-2009-1195 tweaks to provide binary compatibility for stable branches From: Jeff Trawick To: dev@httpd.apache.org Content-Type: multipart/alternative; boundary=000e0cd247d4f6d726046abebf35 X-Virus-Checked: Checked by ClamAV on apache.org --000e0cd247d4f6d726046abebf35 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit On Mon, May 25, 2009 at 3:45 AM, Joe Orton wrote: > On Fri, May 22, 2009 at 05:12:31PM -0400, Jeff Trawick wrote: > > (untested) > > > > ap_allow_options() is how applications, including our mod_include, access > > the enabled options for a given request (other than evil apps which > define > > CORE_PRIVATE and locate the core_dir_config). As this is a callable > > function, it can map internal, hidden bitmaps as appropriate before > > returning to the caller. > > Interesting idea! I'm concerned this is going to be overly intrusive, > what with requiring the changes to all uses of OPT_ALL internally. Does > it really matter what value of OPT_ALL is exposed to modules? > > (or specifically: does it break compatibility to change what value of > OPT_ALL is exposed to modules?) It seems safe to include the additional bit in OPT_ALL. > > Something simpler might be sufficient? Err, I think you're looking for an overlap in sensibilities ;) (We know that answer is "yes" just as we also know that we can make it abundantly clear (painful) throughout whether we are dealing with the internal or external representation.) I'm fine with your patch plus a bit of commentary in ap_allow_options(). Thanks a bunch! --000e0cd247d4f6d726046abebf35 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable
On Mon, May 25, 2009 at 3:45 AM, Joe Orton <jorton@redhat.com= > wrote:
On Fri, May 22, 2009 at 05:12:31PM -0400, Jeff Trawick wr= ote:
> (untested)
>
> ap_allow_options() is how applications, including our mod_include, acc= ess
> the enabled options for a given request (other than evil apps which de= fine
> CORE_PRIVATE and locate the core_dir_config). =A0As this is a callable=
> function, it can map internal, hidden bitmaps as appropriate before > returning to the caller.

Interesting idea! =A0I'm concerned this is going to be overly int= rusive,
what with requiring the changes to all uses of OPT_ALL internally. =A0Does<= br> it really matter what value of OPT_ALL is exposed to modules?

(or specifically: does it break compatibility to change what value of
OPT_ALL is exposed to modules?)

It seems sa= fe to include the additional bit in OPT_ALL.



Something simpler might be sufficient? =A0

= Err, I think you're looking for an overlap in sensibilities ;) =A0(We k= now that answer is "yes" just as we also know that we can make it= abundantly clear (painful) throughout whether we are dealing with the inte= rnal or external representation.)

I'm fine with your patch plus a bit of commentary i= n ap_allow_options().

Thanks a bunch!
--000e0cd247d4f6d726046abebf35--