On Oct 29, 2008, at 4:12 PM, Ruediger Pluem wrote:
On 10/29/2008 05:41 PM, [EMAIL PROTECTED] wrote:
Author: niq
Date: Wed Oct 29 09:41:10 2008
New Revision: 708935
URL: http://svn.apache.org/viewvc?rev=708935&view=rev
Log:
Introduce modules/system, and mod_unixd.c
mod_unixd.c is only os/unix/unixd.c, turned into a module.
(or more accurately, an ugly hack). Work in progress, and the
old unixd will have to go once the module build stuff is in place.
This re-introduces some of the unixd stuff (set user, group and
chroot)
to mpm_simple, and should work equally well with existing MPMs.
It also paves the way for alternative privilege management schemes,
which can be implemented in alternative modules: this´ll be
necessary to run mpm_simple on non-unix-family platforms, and
of interest for alternative Unix implementations. By relegating
everything to a child_init hook, we can mix-and-match, though
weĺl need to add a regime that prevents just going right ahead
with nothing and running as root.
Round tuits permitting, we should be able to simplify unixd.h too,
and look towards eliminating it.
Just a remark. In all current MPM's ap_run_child_init runs with the
root
privileges already dropped. In the simple MPM this is now different in
general (we are running with root priviledges here). But as mod_unixd
registers an APR_HOOK_FIRST hook this will not make a difference for
most modules as their child_init hooks are still run with the
privileges already dropped.
IMO, it should be APR_HOOK_REALLY_FIRST... There should
never be any doubt or confusion where and when httpd drops
privs. I can only imagine the can of worms....
