On Sat, 25 Apr 2009, Alvaro Lopez Ortega wrote: > What do you mean by executable code? Cherokee-worker is the only > process that can access the spawning mechanism. No other external > process can interfere with the spawning (except of other root > processes of course).
We all know some of us are great programmers, but we all make mistakes. It would be really nice if ever an exploit is possible, cherokee would bitmask the UID field so it could never be zero. > > Is it possible to explictly disable respawn as root at configure? > > (Stack > > initialisation of non-zero etc.) > > r3169 has fixed the problem - I knew I needed some feedback for a > reason. :-) ;) I would make this number configurable in code... maybe with a hardmask. Stefan _______________________________________________ Cherokee mailing list [email protected] http://lists.octality.com/listinfo/cherokee
