On Thu, 19 Jul 2012 17:38:31 +0200 "Steinar H. Gunderson" <[email protected]> wrote:
> On Thu, Jul 19, 2012 at 11:27:04AM -0400, Jeff Trawick wrote: > > What changes are needed to httpd trunk so that you can build mpm-itk > > with apxs and enable it via LoadModule, such that mpm-itk is fully > > functional? As I'm sure you're aware, prefork, worker, and event are > > all untied from core enough to support that in httpd >= 2.4. > > We'd need: > > 1. A hook right after merging the perdir config. Does it run per-dir config as root? How does it protect against such potential attacks as running an external program as root through a RewriteMap running earlier than the directory walk? Given that the header_parser runs immediately after directory config in request.c, are there specific reasons (beyond inelegance) not to run as header_parser with REALLY_FIRST? > 2. Fixes to get Apache to drop the connection if it detects > (during .htaccess lookup) that it would need to change the uid. Dropping the connection gratuitously breaks HTTP, and so has no place in httpd (of course, a third-party module sets its own rules). Would it need a core patch to return an Internal Server Error (500)? -- Nick Kew
