Return-Path: X-Original-To: apmail-httpd-dev-archive@www.apache.org Delivered-To: apmail-httpd-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 44AF392CF for ; Thu, 19 Jul 2012 14:18:15 +0000 (UTC) Received: (qmail 92866 invoked by uid 500); 19 Jul 2012 14:18:13 -0000 Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 92570 invoked by uid 500); 19 Jul 2012 14:18:12 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 92539 invoked by uid 99); 19 Jul 2012 14:18:11 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 19 Jul 2012 14:18:11 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=5.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: local policy) Received: from [129.241.93.19] (HELO cassarossa.samfundet.no) (129.241.93.19) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 19 Jul 2012 14:18:05 +0000 Received: from sesse by cassarossa.samfundet.no with local (Exim 4.72) (envelope-from ) id 1SrrY0-0001S6-N8 for dev@httpd.apache.org; Thu, 19 Jul 2012 16:17:44 +0200 Date: Thu, 19 Jul 2012 16:17:44 +0200 From: "Steinar H. Gunderson" To: dev@httpd.apache.org Subject: mpm-itk and upstream Apache, once again Message-ID: <20120719141744.GF20672@samfundet.no> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit User-Agent: Mutt/1.5.20 (2009-06-14) Hi, I've asked previously on this list about inclusion of mpm-itk (http://mpm-itk.sesse.net/) into upstream Apache; previously, the requests have died down, mostly over discussions on security (mpm-itk does configuration and request parsing as uid 0, although with very limited capabilities) and arguments along the lines of “there is no need”, e.g. various people I've talked to feel that there are other adequate solutions for the problem, including suexec, multiple Apache instances with reverse proxying, or some GSoC project. (http://wiki.apache.org/httpd/PrivilegeSeparation even claims you can keep administrators from reading each others' sites simply by setting setting chmod 0640, completely ignoring the case where you can run PHP code or CGI scripts!) However, since then mod_privileges have entered Apache trunk, which gives similar functionality (contradicting the arguments about “no need”), is very similar in terms of security model (contradicting the arguments about “the model is too insecure”), but is Solaris-specific, has less functionality (it lacks per-vhost nicing and per-vhost client limits), and generally seems to be less mature (e.g., as far as I can see, it fails to adequately handle the case where the client goes to a different-uid vhost and .htaccess thus is not readable). Furthermore, Fedora has recently accepted the mpm-itk patch into their Apache packages. This means that nearly every major distributor of Apache now supports mpm-itk; in particular, Arch, Debian, Fedora, FreeBSD ports, Gentoo, Mandriva, openSUSE and Ubuntu all include mpm-itk. I do not know of any module with a similar status, and having them all integrate the patch separately instead of simply having it in mainline seems wasteful. mpm-itk has, despite its non-mainline status, been in production in large sites for many years (it has been under development since 2005), and should at this point be considered mature. What would be needed to get it into mainline? /* Steinar */ -- Homepage: http://www.sesse.net/