On 10/29/2008 05:41 PM, [EMAIL PROTECTED] wrote: > Author: niq > Date: Wed Oct 29 09:41:10 2008 > New Revision: 708935 > > URL: http://svn.apache.org/viewvc?rev=708935&view=rev > Log: > Introduce modules/system, and mod_unixd.c > > mod_unixd.c is only os/unix/unixd.c, turned into a module. > (or more accurately, an ugly hack). Work in progress, and the > old unixd will have to go once the module build stuff is in place. > > This re-introduces some of the unixd stuff (set user, group and chroot) > to mpm_simple, and should work equally well with existing MPMs. > It also paves the way for alternative privilege management schemes, > which can be implemented in alternative modules: this´ll be > necessary to run mpm_simple on non-unix-family platforms, and > of interest for alternative Unix implementations. By relegating > everything to a child_init hook, we can mix-and-match, though > weĺl need to add a regime that prevents just going right ahead > with nothing and running as root. > > Round tuits permitting, we should be able to simplify unixd.h too, > and look towards eliminating it.
Just a remark. In all current MPM's ap_run_child_init runs with the root privileges already dropped. In the simple MPM this is now different in general (we are running with root priviledges here). But as mod_unixd registers an APR_HOOK_FIRST hook this will not make a difference for most modules as their child_init hooks are still run with the privileges already dropped. As said just a remark and no comment as I haven't made up my mind so far if this is good or bad. Regards Rüdiger
