On Sun, 2014-09-28 at 23:10 +0200, Rainer Jung wrote:
> IMHO it is a useful approach. Whan I looked at the CGI topic, I noticed
> that the safest thing is cleaning up in ap_create_environment(), because
> you can be sure to get every env var in your hands there, not only the
> ones coming from
Am 26.09.2014 um 16:41 schrieb Nick Kew:
I've revisited mod_taint this morning, and made some updates:
a bugfix, a new option to apply an untainting rule to all headers.
But topically, a canned configuration option to protect
against shell-shock patterns:
LoadModule modules/mod_taint.so
Un
Am 28.09.2014 um 09:07 schrieb Issac Goldstand:
-0
While I love the code that's been come up with, this would be akin to
trying to have patched httpd to deal with Heartbleed.
I can't see any real use-case where a user would get a patched httpd
without getting a patched bash, too. Either they'l
+---+
| Bugzilla Bug ID |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned
-0
While I love the code that's been come up with, this would be akin to
trying to have patched httpd to deal with Heartbleed.
I can't see any real use-case where a user would get a patched httpd
without getting a patched bash, too. Either they'll know, or they'll be
getting this from their