DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=22030>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=22030 SECURITY: 4097+ bytes of stderr from cgi script causes script to hang ------- Additional Comments From [EMAIL PROTECTED] 2004-03-25 13:26 ------- >How urgent is fixing this bug viewed as by those who are actively working on Apache? Emperical evidence would suggest that it is not very important. >Are we likely to see a proper fix for this included in a production >release in the foreseeable future or will work arounds within scripts >and fixes like Jeff's be the norm for now? I have no idea about the first question. The answer to the second question is, in general, no. This particular situation is one which requires a complete redesign of how mod_cgi interacts with scripts. I have made a set of code available which for Unix has a design that should solve this problem, it works for my testcases, etc. Another unusual example: 2.0.49 provided an overhaul of mod_include with completely new parsing engine and a number of existing problems resolved. For quite a while, people with 2.0.x mod_include problems were asked to try this alternate implementation. After a relatively long time it was merged into 2.0.x for the 2.0.49 release. If somebody has time/energy to move the ball forward they can offer their own solution or try out what I have and offer feedback. If somebody does not have time/energy to help move the ball forward they can always buy commercial support for Apache or an Apache-based server and complain to the vendor that it does not meet their requirements. Or modify scripts to redirect stderr or not output so much stuff to stderr. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
