At 12:30 PM 3/3/2003, Bill Stoddard wrote: >Jeff Trawick wrote: >>Justin Erenkrantz wrote: >> >>>--On Wednesday, February 19, 2003 2:12 PM -0500 Jeff Trawick >>> wrote: >>> >>>> The attached patch changes sig_coredump to call a hook. In the >>>> fullness of time, the ap_exception_info_t provided to the hook >>>> would contain any and all relevant information available to a >>>> signal/exception handler (e.g., siginfo_t on many Unix variants). >>> >>> >>>Here's a compromise that I'd be willing to accept: you have to explictly >>>enable this hook at configure-time. Otherwise, this hook won't be >>>executed on a signal. >> >>Does anybody agree with Justin's compromise (i.e., if I put more effort into this >>direction am I going to find out that somebody doesn't think the compromise is >>conservative enough :) )? > >I don't like the idea of enabling this hook at configure time. Why not add the hook >and leave it to modules whether they want to use it or not?
Because it is a potential security hole? The only individual who should choose to expose or prevent the hole would be the administrator who installs (and therefore probably built) Apache. >I don't see the value in crufting up configure more that it already is. Can we piggy-back such features into a single --unwise-but-useful configure option? Bill
