Re: SETEUID on Exec

[Randy Terbush <ra...@zyzzyva.com>]

> Randy: [02_seteuid_on_exec.patch]
> patch applied clean to pure 1.0.0 (downloaded this morning)
> 
> Compiling on FreeBSD 2.0.5, -DXBITHACK, -DMINIMAL_DNS, -O2 using gcc 2.6.3:

> gcc -c -O2 -DXBITHACK -DMINIMAL_DNS -m486 http_core.c
> http_core.c: In function `default_handler':
> http_core.c:676: `destuid' undeclared (first use this function)
> http_core.c:676: (Each undeclared identifier is reported only once
> http_core.c:676: for each function it appears in.)
> *** Error code 1

I missed a changed file in the patch. I'll upload a revised patch as
soon as I can get to hyperreal, which appears to be down.

> Some thoughts:
> 1)	it might be better as a per-directory configurable option, a la
> 	XBitHack, with a default of 'off'/'false'.

I'll have a look at this today. I was a bit unfamiliar with that whole
mechanism in Apache. I think something like that would be better than
passing around a global.

> 2)	what *is* the value of an uninitialised char *do_seteuid;
> 	is there a chanse that strcmp could barf?
> 3)	strcasecmp in preference to strcmp?

The suggestion above would prevent this since I really only need one
bit to control this.