|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Jason Wright (jason_at_cvs.openbsd.org)
Date: Thu Nov 07 2002 - 18:04:05 CST
CVSROOT: /cvs
Module name: src
Changes by: jason
cvs.openbsd.org 2002/11/07 17:04:04
Modified files:
usr.sbin/httpd/src/main: Tag: OPENBSD_3_2 http_main.c
Log message:
Pull in patch from current:
Fix (miod?, henning?):
*) SECURITY CAN-2002-0839 (cve.mitre.org)
Add the new directive 'ShmemUIDisUser'. By default, Apache
will no longer set the uid/gid of SysV shared memory scoreboard
to User/Group, and it will therefore stay the uid/gid of
the parent Apache process. This is actually the way it should
be, however, some implementations may still require this, which
can be enabled by 'ShmemUIDisUser On'. Reported by iDefense.
[Jim Jagielski]
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]