You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by fredk2 <fr...@gmail.com> on 2008/09/19 04:06:22 UTC
[users@httpd] any reasons not to compile with
-enable-exception-hook?
Hi,
is there any reasons why you would not want in production (or hardened
server) an apache compiled with -enable-exception-hook?
The manual says:
"For safety reasons this directive is only available if the server was
configured with the --enable-exception-hook option. It enables a hook that
allows external modules to plug in and do something after a child crashed."
what safety reasons? why ?
Thank you - Fred
--
View this message in context: http://www.nabble.com/any-reasons-not-to-compile-with--enable-exception-hook--tp19565114p19565114.html
Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] any reasons not to compile with
-enable-exception-hook?
Posted by fredk2 <fr...@gmail.com>.
Hi,
thank you ... can we assume this to be the same risks as the warning against
using DSO modules?
Is there any reasons to think that the apache would execute slower if
compiled with this hook?
Rgds - Fred
William A. Rowe, Jr. wrote:
>
> fredk2 wrote:
>> Hi,
>>
>> is there any reasons why you would not want in production (or hardened
>> server) an apache compiled with -enable-exception-hook?
>
> Yes. You can and should expect that once the server is compromised, it's
> possible although highly unlikely that the actual target of that hook is
> also compromised. Many would rather that the process was brought down,
> hard, at the first exception, and that code no longer ran in that context.
>
--
View this message in context: http://www.nabble.com/any-reasons-not-to-compile-with--enable-exception-hook--tp19565114p19609054.html
Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] any reasons not to compile with -enable-exception-hook?
Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
fredk2 wrote:
> Hi,
>
> is there any reasons why you would not want in production (or hardened
> server) an apache compiled with -enable-exception-hook?
Yes. You can and should expect that once the server is compromised, it's
possible although highly unlikely that the actual target of that hook is
also compromised. Many would rather that the process was brought down,
hard, at the first exception, and that code no longer ran in that context.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org