> -----Original Message----- > From: Joe Orton [mailto:[email protected]] > Sent: Donnerstag, 1. September 2011 16:46 > To: Marcus Meissner > Cc: [email protected] > Subject: Re: CVE-2003-1418 - still affects apache 2 current > > On Thu, Sep 01, 2011 at 02:39:11PM +0200, Marcus Meissner wrote: > > Hi, > > > > CVE-2003-1418, a minor security issue, is still affecting > the current codebase. > > > > someone opened a tracker bug a year ago without feedback: > > https://issues.apache.org/bugzilla/show_bug.cgi?id=49623 > > > > Do you have a statement? > > Use "FileETag -INode" if you care about leaking inode numbers. > > I think there was consensus that the default should be > changed to that, > but I can't find the discussion.
Can't find the discussion either, but I remember that it was not seen as a security issue. For those still concerned about this, the advice was as you said "FileETag -INode". So IMHO no need for a patch here except for documentation and default config Regards Rüdiger
