brian 98/05/11 16:45:13
Modified: . STATUS
Log:
Moved two issues to non-showstopper status based on new-httpd discussions.
Revision Changes Path
1.396 +12 -10 apache-1.3/STATUS
Index: STATUS
===================================================================
RCS file: /export/home/cvs/apache-1.3/STATUS,v
retrieving revision 1.395
retrieving revision 1.396
diff -u -r1.395 -r1.396
--- STATUS 1998/05/11 20:08:02 1.395
+++ STATUS 1998/05/11 23:45:11 1.396
@@ -11,18 +11,8 @@
FINAL RELEASE SHOWSTOPPERS:
- * Someone other than Dean has to do a security/correctness review on
- psprintf(), bprintf(), and ap_snprintf(). In particular these routines
- do lots of fun pointer manipulations and such and possibly have overflow
- errors. The respective flush_funcs also need to be exercised.
- o Jim's looked over the ap_snprintf() stuff (the changes that Dean
- did to make thread-safe) and they look fine.
-
WIN32 1.3 FINAL RELEASE SHOWSTOPPERS:
- * SECURITY: check if the magic con/aux/nul/etc names do anything
- really bad
-
* SECURITY: numerous uses of strcpy and strcat have potential
for buffer overflow, someone should rewrite or verify
they're safe
@@ -126,6 +116,15 @@
Open issues:
+ * Someone other than Dean has to do a security/correctness review on
+ psprintf(), bprintf(), and ap_snprintf(). In particular these routines
+ do lots of fun pointer manipulations and such and possibly have overflow
+ errors. The respective flush_funcs also need to be exercised.
+ o Jim's looked over the ap_snprintf() stuff (the changes that Dean
+ did to make thread-safe) and they look fine.
+ o Laura La Gassa's looked over ap_vformatter & other related code
+ o Could still use 1 or 2 more sets of eyeballs.
+
* Paul would like to see a 'gdbm' option because he uses
it a lot.
@@ -188,6 +187,9 @@
Ken: What's W95-specific about it?
Help:
+
+ * SECURITY: check if the magic con/aux/nul/etc names do anything
+ really bad
* chdir() for CGI scripts and mod_include #exec needs to be
re-implemented. This requires either serializing chdir/spawn
Modified: . STATUS
Log:
Moved two issues to non-showstopper status based on new-httpd discussions.
Revision Changes Path
1.396 +12 -10 apache-1.3/STATUS
Index: STATUS
===================================================================
RCS file: /export/home/cvs/apache-1.3/STATUS,v
retrieving revision 1.395
retrieving revision 1.396
diff -u -r1.395 -r1.396
--- STATUS 1998/05/11 20:08:02 1.395
+++ STATUS 1998/05/11 23:45:11 1.396
@@ -11,18 +11,8 @@
FINAL RELEASE SHOWSTOPPERS:
- * Someone other than Dean has to do a security/correctness review on
- psprintf(), bprintf(), and ap_snprintf(). In particular these routines
- do lots of fun pointer manipulations and such and possibly have overflow
- errors. The respective flush_funcs also need to be exercised.
- o Jim's looked over the ap_snprintf() stuff (the changes that Dean
- did to make thread-safe) and they look fine.
-
WIN32 1.3 FINAL RELEASE SHOWSTOPPERS:
- * SECURITY: check if the magic con/aux/nul/etc names do anything
- really bad
-
* SECURITY: numerous uses of strcpy and strcat have potential
for buffer overflow, someone should rewrite or verify
they're safe
@@ -126,6 +116,15 @@
Open issues:
+ * Someone other than Dean has to do a security/correctness review on
+ psprintf(), bprintf(), and ap_snprintf(). In particular these routines
+ do lots of fun pointer manipulations and such and possibly have overflow
+ errors. The respective flush_funcs also need to be exercised.
+ o Jim's looked over the ap_snprintf() stuff (the changes that Dean
+ did to make thread-safe) and they look fine.
+ o Laura La Gassa's looked over ap_vformatter & other related code
+ o Could still use 1 or 2 more sets of eyeballs.
+
* Paul would like to see a 'gdbm' option because he uses
it a lot.
@@ -188,6 +187,9 @@
Ken: What's W95-specific about it?
Help:
+
+ * SECURITY: check if the magic con/aux/nul/etc names do anything
+ really bad
* chdir() for CGI scripts and mod_include #exec needs to be
re-implemented. This requires either serializing chdir/spawn