Le 31/10/2012 05:46, Eric Jacobs a écrit :
There is a race condition vulnerability in httpd 2.2.23 (also present
in previous releases) that allows a malicious user to serve arbitrary
files from nearly anywhere on a server that isn't protected by strict
os level permissions. In a shared hosting
On 30 Oct 2012, at 9:12 PM, John M jfm.apa...@gmail.com wrote:
I have a new feature request for the balancer-manager: the ability to
enable or disable servers in the balancer using the command line,
instead of using the only way that exists that I know of: the
balancer-manager webpage. The
On 31 Oct 2012, at 6:46 AM, Eric Jacobs ejac...@bluehost.com wrote:
There is a race condition vulnerability in httpd 2.2.23 (also present in
previous releases) that allows a malicious user to serve arbitrary files from
nearly anywhere on a server that isn't protected by strict os level
On Wed, Oct 31, 2012 at 7:31 AM, Graham Leggett minf...@sharp.fm wrote:
On 31 Oct 2012, at 6:46 AM, Eric Jacobs ejac...@bluehost.com wrote:
There is a race condition vulnerability in httpd 2.2.23 (also present in
previous releases) that allows a malicious user to serve arbitrary files
from
On 10/31/2012 06:00 AM, Eric Covener wrote:
In general that is the proper form -- but this particular issue is
documented as a limitation:
Omitting this option should not be considered a security restriction,
since symlink testing is subject to race conditions that make it
circumventable.
On Wed, Oct 31, 2012 at 3:36 PM, Eric Jacobs ejac...@bluehost.com wrote:
On 10/31/2012 06:00 AM, Eric Covener wrote:
In general that is the proper form -- but this particular issue is
documented as a limitation:
Omitting this option should not be considered a security restriction,
since
Hi,
i didnt find anywhere in the Docs, I know that the request_req has a
pointer to the conn_rec of that request, but based on
ap_hook_process_connection that only gives me the conn_rec it is
possible to get the request_req if I only have the conn_rec ?
[]s
On Wed, 31 Oct 2012 18:42:33 -0200
André Ferraz defer...@terra.com.br wrote:
Hi,
i didnt find anywhere in the Docs, I know that the request_req has a
pointer to the conn_rec of that request, but based on
ap_hook_process_connection that only gives me the conn_rec it is
possible to
It's possible this is because a burst of requests causes Apache to spin up
child processes to handle them, but perhaps the load-test generation slows
down at some point, Apache winds up with idle processes, and closes some
down? Is that plausible?