At 12:30 PM 3/3/2003, Bill Stoddard wrote:
Jeff Trawick wrote:
Justin Erenkrantz wrote:
--On Wednesday, February 19, 2003 2:12 PM -0500 Jeff Trawick wrote:
The attached patch changes sig_coredump to call a hook. In the fullness of time, the ap_exception_info_t provided to the hook would contain any and all relevant information available to a signal/exception handler (e.g., siginfo_t on many Unix variants).
Here's a compromise that I'd be willing to accept: you have to explicitly enable this hook at configure-time. Otherwise, this hook won't be executed on a signal.
Does anybody agree with Justin's compromise (i.e., if I put more effort into this direction am I going to find out that somebody doesn't think the compromise is conservative enough :) )?
I don't like the idea of enabling this hook at configure time. Why not add the hook and leave it to modules whether they want to use it or not?
Because it is a potential security hole? The only individual who should choose to expose or prevent the hole would be the administrator who installs (and therefore probably built) Apache.
That same admin controls which modules are loaded as well.
I don't see the value in crufting up configure more than it already is.
Can we piggy-back such features into a single --unwise-but-useful configure option?
Obviously not. If it is -really- unwise, then we should just not do it. I see no evidence that is the case though. How, exactly, could this hook be remotely and uniquely exploited?
Bill
