Michael Clark wrote:
Hi Folks,

I posted a note about my privilege separation patches the other day
and received some good private help/feedback, and have now made the
patches a considerable amount more portable and they are using apr
much more extensively.

The patch is now fully modular and allows mod_privsep to be compiled
out (although it does add some additional hooks to the core).

First off, I want to say, this is a very cool set of patches, and I would like to see it or some derivative go into trunk!

Due to the nature of the patch it has to change some core code
to use privileged wrapper calls for file io. I can't see any way
around this - I have tried to minimise the impact by adding hooks.


How you stubbed out the file io seems fine for the lifetime of 2.2.x and maybe 2.4.x, but in the long run, I believe we need to support some kind of "VFS" layer, to make all IO pluggable. (open file, directory listing, etc etc).

Preferably Async IO and pluggable too :-)

Dream mode on:
<Location /upload>
   Dav On
   Mount privsep:/opt/upload
</Location>

# static content
<Location /mysite>
   Mount /www/content
</Location>

# proxied content
<Location /foo>
   Mount balancer://bigcluster
</Location>

Anyways, if all IO was abstracted with a little VFS layer, it would mean all modules would now work with your privilege separation code, rather than just the core, mod_autoindex, and any other modules you write patches for :-)

