Posted to dev@httpd.apache.org by Jeff Trawick <tr...@gmail.com> on 2009/05/22 23:43:00 UTC
Re: [concept PATCH] CVE-2009-1195 tweaks to provide binary compatibility for stable branches
On Fri, May 22, 2009 at 5:12 PM, Jeff Trawick <tr...@gmail.com> wrote:
> (untested)
These references to OPT_ALL should be OPT_PVT_ALL.
./server/config.c: parms.override_opts = OPT_ALL | OPT_SYM_OWNER | OPT_MULTI;
./server/config.c: parms.override_opts = OPT_ALL | OPT_SYM_OWNER | OPT_MULTI;
./server/config.c: parms.override_opts = OPT_ALL | OPT_SYM_OWNER | OPT_MULTI;
./server/core.c: conf->opts = dir ? OPT_UNSET : OPT_UNSET|OPT_ALL;
./server/core.c: conf->override_opts = OPT_UNSET | OPT_ALL | OPT_SYM_OWNER | OPT_MULTI;
./server/core.c: opt = OPT_ALL;
./server/core.c: d->override_opts = OPT_ALL;
./server/core.c: opt = OPT_ALL;
Taking it slowly...
Change all occurrences of OPT_INCLUDES, OPT_INC_WITH_EXEC, and OPT_ALL to OPT_PVT_ versions of same.
Move OPT_PVT_ definitions inside CORE_PRIVATE.
Provide old OPT_INCLUDES, OPT_INCNOEXEC, and OPT_ALL outside of CORE_PRIVATE for callers of ap_allow_options() to use.
Revert the change to mod_include so that it uses the old flags when checking the result of ap_allow_options().
The old flags are available at compile time and will be returned from ap_allow_options().