Re: svn commit: r773881 - in /httpd/httpd/branches/2.2.x: CHANGES


On Fri, May 22, 2009 at 5:10 PM, William A. Rowe, Jr. <wrowe [at] rowe-clan.net> wrote:

> Jeff Trawick wrote:
> >
> > Backing up a bit...
> >
> > I originally thought we could map bit values in 2.2.x to avoid affecting
> > modules, but that isn't possible since includes-with-exec is two bits
> > instead of one.
>
> Hold on... I think this can still work;
>
> * Retain new true 'Includes' bit as old IncludesNoExec macro value
> Keep ancient Includes flag bit as 256, never true.
>
> - all httpd modules testing for including but not executing
> permission see the permission as allowed
>
> - old httpd modules testing for includes with exec permission
> see the permission as denied, until they update the module
>
> - httpd modules which force/override the includes without exec
> permission would still work
>
> - httpd modules which force/override the includes exec behavior
> would just fail to update anything (256 & 0xff == 00), so it
> becomes a noop until they update the module
>
> So it has no negative security consequences, still would require
> an update to the rare module, but lets us ship something without
> really nasty side effects.
>

I'll think harder about this once my latest proposal gets shot down ;)

Jeff Trawick [ Fri, 22 May 2009 23:14 ] [ ID #2002108 ]
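
The compatibility mapping proposed in the quoted message, as an added C sketch that is not httpd code and not part of the original thread. The macro names, the 0x20 and 0x02 bit values and the 8-bit option field are assumptions made for illustration; only the value 256 and the `256 & 0xff` truncation come from the message.

```c
#include <stdio.h>

/* Assumption: options are stored in an 8-bit field, which is what the
 * "256 & 0xff" remark in the message implies. */
typedef unsigned char opts_t;

/* Constructed values for illustration, not httpd's real macros. */
#define NEW_INCLUDES  0x20          /* new true "Includes" bit, placed at the
                                       old IncludesNoExec macro value */
#define NEW_EXEC      0x02          /* hypothetical exec bit, unknown to old modules */
#define OLD_INCNOEXEC NEW_INCLUDES  /* what an un-updated module compiled against */
#define OLD_INCLUDES  256           /* from the message: can never be set in 8 bits */

/* Checks and overrides as an un-updated module would perform them. */
static int old_sees_noexec_includes(opts_t o) { return (o & OLD_INCNOEXEC) != 0; }
static int old_sees_exec_includes(opts_t o)   { return (o & OLD_INCLUDES) != 0; }
static opts_t old_force_noexec(opts_t o) { return (opts_t)(o | OLD_INCNOEXEC); }
static opts_t old_force_exec(opts_t o)   { return (opts_t)(o | OLD_INCLUDES); }

/* Check as an updated module would perform it: both bits are required. */
static int new_exec_allowed(opts_t o)
{
    return (o & (NEW_INCLUDES | NEW_EXEC)) == (NEW_INCLUDES | NEW_EXEC);
}

int main(void)
{
    /* Constructed case: administrator allowed includes with exec. */
    opts_t admin = NEW_INCLUDES | NEW_EXEC;

    printf("old module, includes without exec: %s\n",
           old_sees_noexec_includes(admin) ? "allowed" : "denied");
    printf("old module, includes with exec:    %s\n",
           old_sees_exec_includes(admin) ? "allowed" : "denied");
    printf("updated module, exec:              %s\n",
           new_exec_allowed(admin) ? "allowed" : "denied");

    /* Old module trying to grant exec: the 256 bit is truncated away. */
    opts_t forced = old_force_exec(0);
    printf("after old force-exec:    0x%02x (no-op)\n", forced);

    /* Old module granting includes without exec still takes effect. */
    forced = old_force_noexec(0);
    printf("after old force-noexec:  0x%02x, exec %s\n", forced,
           new_exec_allowed(forced) ? "allowed" : "denied");
    return 0;
}
```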