On Tue, Aug 5, 2008 at 04:52, Bojan Smojver <[EMAIL PROTECTED]> wrote:
> After reading this article on LWN: http://lwn.net/Articles/292559/, it
> occurred to me that it may be useful to pass this flag to open in
> apr_file_open() on platforms that support it, in case someone decides to
> fork()/execve() by non-APR means.

A project I worked on a while back supported external third-party plug-ins. Those plug-ins could, at any point, decide to fork()/execve(). I'm pretty sure this wasn't the only project of this kind that used APR (do you know what the binary dbd's you link APR to do?)

> Of course, apr_file_inherit_[un]set() would have to be modified
> accordingly.
>
> Comments?

By all means, the more default security measures are added, the better. However, this would imply a jump to APR 2.x and a considerable effort for APR users.

--
Lucian
