I think it will be all right provided the feature is disabled by default and, as you say, the potential security issue is documented.

On Jan 28, 2008 1:28 PM, Akins, Brian <[EMAIL PROTECTED]> wrote:
> On 1/28/08 4:35 AM, "Ivan Ristic" <[EMAIL PROTECTED]> wrote:
> > The FastCGI process is likely to be running under a different
> > account, but here we have a facility that allows that other process to
> > use the privileges of the Apache user to fetch a file. I can see how
> > this feature could easily find its way to the list of small tricks
> > that can be used to compromise a web server installation, one step at
> > a time.
>
> Perhaps. Most of our fastcgi stuff gets executed by httpd, so it has the
> same privileges. Also php under fastcgi has access to everything completely
> outside httpd, for example.
>
> I guess if we choose to include support, but the appropriate security
> warnings. Also, this approach will use all the normal httpd file access
> controls rather than just grabbing it "directly." It is also a "first
> draft" and I'm sure needs work, but I'd like us to push to get xsendfile
> into core. It's already Apache license, if that helps.
>
> --
> Brian Akins
> Chief Operations Engineer
> Turner Digital Media Technologies

--
Ivan Ristic
