At 04:46 AM 3/13/2003, Joe Orton wrote:
>[Resend. There are currently two outstanding fixes for public security
>issues in the 2.0 stable branch: this and escaping of untrusted request
>data in mod_log_config which Andre forward-ported from 1.3]
>
>Hi, here is a version of the patch in #17206 which removes the current
>fd leaks. Most of these were introduced in this commit
>
>http://marc.theaimsgroup.com/?l=apache-cvs&m=99531770520998&w=2
>
>though the pod leak has been around longer. I haven't checked whether
>the mod_file_cache change in that commit should be reverted as well. The
>patch is against 2.0 HEAD.
>
>Submitted by: Christian Kratzer, Bjoern A. Zeeb

+1 here. I have one comment; please *don't* simply delete those lines from server/log.c, modules/mappers/mod_rewrite.c and, of course, modules/loggers/mod_log_config.c.

Please comment them out with

  /* XXX: this would be required in the Win32 parent */

We don't have the mechanics in place so right now this is a beneficial noop on Win32. However, we should be passing those handles on to all child processes. That won't happen today, but will occur in the very near future. The XXX comments will remind me what I need to wiggle to make this work.

Of course it won't be reenabled across the board. Folks have asked for a very long time "how do I tell this is a win32 parent process vs. a child process?" That's a legit question for the MPM - and one I intend to hack up once the crunch of work is off of me.

Oh - the answer on Unix is 'this is the parent and child' - on win32 it's either one or the other, or we are using -D ONE_PROCESS. But we can debate those mechanics later...

Bill