> > Doesnt that mean my openssl/modssl is external library which can be > upgraded without redoing apache/php4.3.3 and whatnot all over? >
Yes. Just compile mod_ssl outside of apache. But you really should not worry about some public exploits - a cracker needs to know the addrees of free() function in your binary. If they have your httpd, they can exploit it. Dmitry _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
