My summary: I've still not seen any argument why it presents a security risk for a "malicious child" to be able to kill a piped logger or other non-MPM-spawned process, so:
1) for 2.2.x and 1.3.x apr_proc_wait()/waitpid() can be used instead of getpgid(pid) == getpgrp() to determine whether the pid-to-kill is a child of the parent - this doesn't present a portability risk. I will produce a new patch for that tomorrow.
2) for 2.0.x there is no security issue to fix

joe
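The child check described in point 1, as an added example that is not the patch the message refers to and is not httpd code: it uses plain POSIX waitpid() rather than apr_proc_wait(), relying on waitpid() failing with ECHILD for any pid that is not a direct child of the caller. The names classify_pid, safe_kill and demo are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <sys/wait.h>
#include <unistd.h>

/* Classify a pid read from untrusted shared state (hypothetical helper).
 * Returns 1 if pid is a live child of the caller, 0 if it is a child that
 * had exited (it is reaped here as a side effect), -1 if it is not ours. */
static int classify_pid(pid_t pid)
{
    int status;
    pid_t rv;
    if (pid <= 1)          /* 0 and negatives address groups; 1 is init */
        return -1;
    do {
        rv = waitpid(pid, &status, WNOHANG);
    } while (rv == -1 && errno == EINTR);
    if (rv == 0)
        return 1;          /* our child, still running */
    if (rv == pid)
        return 0;          /* our child, already exited: nothing to signal */
    return -1;             /* ECHILD: not a child of this process */
}

/* Deliver sig only when waitpid() confirms pid is our own live child. */
static int safe_kill(pid_t pid, int sig)
{
    if (classify_pid(pid) != 1) {
        errno = ESRCH;
        return -1;
    }
    return kill(pid, sig);
}

/* Constructed scenario: one real child, and our own parent standing in
 * for a pid that a child wrote into shared state. Returns 0 on success. */
static int demo(void)
{
    pid_t child = fork();
    if (child < 0) return -1;
    if (child == 0) { pause(); _exit(0); }
    int forged = safe_kill(getppid(), 0);    /* refused; signal 0 is harmless */
    int real = safe_kill(child, SIGTERM);    /* delivered to the real child */
    waitpid(child, NULL, 0);                 /* reap it */
    int after = classify_pid(child);         /* reaped, so no longer ours */
    return (forged == -1 && real == 0 && after == -1) ? 0 : 1;
}

int main(void) { return demo(); }
```

Because WNOHANG reaps a child that has already exited, a caller that tracks exit status elsewhere has to record it at this point.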