William A. Rowe, Jr. wrote:
Michael Clark wrote:
Hi Folks,
I posted a note about my privilege separation patches the other day
and received some good private help/feedback, and have now made the
patches a considerable amount more portable and they are using apr
much more extensively.
Cool stuff! I'll start reviewing this, and look at mod_privsep to solve
the very same issue within mod_ftp. But I won't have cycles till the
holidays, so it will be some time. And due to the security implications,
I'm sure you are just as anxious to have some serious review of the
proposed module before it's widely deployed, so I'd suggest we either
hold off a bit on committing it until it's received sufficient eyeballs,
or create a sandbox for its review.
Yes. I don't expect it will be ready for prime time for some time. I
need to address some scalability issues (although the privsep process is
single threaded this is mitigated by the fact that read/write IO is
still all done in the workers - it is just the pam auth / stat / open /
... load) - I would however like to look at making it more scalable.
We will have a production site doing user testing on this over the
holidays and expect that it will have had some production load some time
in mid to late January (a few hundred users). Yes, I would really
appreciate the review - although there is no hurry.
If you don't have a CLA on file, please file one so your contribution
can be considered? http://www.apache.org/licenses/#clas
Although "your" name's on file, there's an email mismatch, and I suspect
with 1500 folks, that is possibly a name clash (middle initial might be
helpful for the record).
It is another Michael Clark as I haven't filed one - very common name.
I'll fax one through in due course.
Thanks much,
Michael.
