My summary: I've still not seen any argument why it presents a security 
risk for a "malicious child" to be able to kill a piped logger or other 
non-MPM-spawned process, so:

1) for 2.2.x and 1.3.x apr_proc_wait()/waitpid() can be used instead of 
getpgid(pid) == getpgrp() to determine whether the pid-to-kill is a 
child of the parent - this doesn't present a portability risk.  I will 
produce a new patch for that tomorrow.

2) for 2.0.x there is no security issue to fix

joe

Reply via email to