sync with trunk before I start mucking in the waters themselves
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/apreq-integration@725390 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/docs/manual/mod/mod_heartbeat.xml b/docs/manual/mod/mod_heartbeat.xml
new file mode 100644
index 0000000..3a488d0
--- /dev/null
+++ b/docs/manual/mod/mod_heartbeat.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0"?>
+<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
+<?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?>
+<!-- $LastChangedRevision$ -->
+
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<modulesynopsis metafile="mod_heartbeat.xml.meta">
+
+<name>mod_heartbeat</name>
+<description></description>
+<status>Extension</status>
+<sourcefile>mod_heartbeat.c</sourcefile>
+<identifier>heartbeat_module</identifier>
+<compatibility>Available in 2.3 and later</compatibility>
+
+<summary>
+ <note><!-- FIXME: -->This document is still under development.</note>
+</summary>
+
+<directivesynopsis>
+<name>HeartbeatAddress</name>
+<description>Address to send heartbeat requests</description>
+<syntax></syntax>
+<contextlist><context>server config</context></contextlist>
+
+<usage>
+ <note><!-- FIXME: -->This document is still under development.</note>
+</usage>
+</directivesynopsis>
+
+</modulesynopsis>
diff --git a/docs/manual/mod/mod_heartmonitor.xml b/docs/manual/mod/mod_heartmonitor.xml
new file mode 100644
index 0000000..a0c81de
--- /dev/null
+++ b/docs/manual/mod/mod_heartmonitor.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0"?>
+<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
+<?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?>
+<!-- $LastChangedRevision$ -->
+
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<modulesynopsis metafile="mod_heartmonitor.xml.meta">
+
+<name>mod_heartmonitor</name>
+<description></description>
+<status>Extension</status>
+<sourcefile>mod_heartmonitor.c</sourcefile>
+<identifier>heartmonitor_module</identifier>
+<compatibility>Available in 2.3 and later</compatibility>
+
+<summary>
+ <note><!-- FIXME: -->This document is still under development.</note>
+</summary>
+
+<directivesynopsis>
+<name>HeartbeatListen</name>
+<description>Address to listen for heartbeat requests</description>
+<syntax></syntax>
+<contextlist><context>server config</context></contextlist>
+
+<usage>
+ <note><!-- FIXME: -->This document is still under development.</note>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>HeartbeatStorage</name>
+<description>Path to store heartbeat data</description>
+<syntax>HeartbeatStorage <var>file-path</var></syntax>
+<default>HeartbeatStorage logs/hb.dat</default>
+<contextlist><context>server config</context></contextlist>
+
+<usage>
+ <note><!-- FIXME: -->This document is still under development.</note>
+</usage>
+</directivesynopsis>
+
+</modulesynopsis>
diff --git a/docs/manual/mod/mod_lbmethod_heartbeat.xml b/docs/manual/mod/mod_lbmethod_heartbeat.xml
new file mode 100644
index 0000000..71eaf16
--- /dev/null
+++ b/docs/manual/mod/mod_lbmethod_heartbeat.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0"?>
+<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
+<?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?>
+<!-- $LastChangedRevision$ -->
+
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<modulesynopsis metafile="mod_lbmethod_heartbeat.xml.meta">
+
+<name>mod_lbmethod_heartbeat</name>
+<description><!-- FIXME: --> This document is still under development.</description>
+<status>Extension</status>
+<sourcefile>mod_lbmethod_heartbeat.c</sourcefile>
+<identifier>lbmethod_heartbeat_module</identifier>
+<compatibility>Available in version 2.3 and later</compatibility>
+
+<summary>
+ <note><!-- FIXME: --> This document is still under development.</note>
+</summary>
+<seealso><module>mod_proxy</module></seealso>
+<seealso><module>mod_proxy_balancer</module></seealso>
+<seealso><module>mod_heartbeat</module></seealso>
+<seealso><module>mod_heartmonitor</module></seealso>
+
+<directivesynopsis>
+<name>HeartbeatStorage</name>
+<description>Path to read heartbeat data</description>
+<syntax>HeartbeatStorage <var>file-path</var></syntax>
+<default>HeartbeatStorage logs/hb.dat</default>
+<contextlist><context>server config</context></contextlist>
+
+<usage>
+ <note><!-- FIXME: -->This document is still under development.</note>
+</usage>
+</directivesynopsis>
+
+</modulesynopsis>
diff --git a/docs/manual/mod/mod_negotiation.xml.ja b/docs/manual/mod/mod_negotiation.xml.ja
index 56a50d9..8340670 100644
--- a/docs/manual/mod/mod_negotiation.xml.ja
+++ b/docs/manual/mod/mod_negotiation.xml.ja
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.ja.xsl"?>
-<!-- English Revision: 151408:420990 (outdated) -->
+<!-- English Revision: 420990 -->
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
@@ -84,8 +84,8 @@
このヘッダがない場合、ファイルの実際の長さが使用されます。</dd>
<dt><code>Content-Type:</code></dt>
- <dd>ドキュメントの MIME
- メディアタイプ、オプショナルなパラメータ付き。パラメータの構文は
+ <dd>ドキュメントの <glossary ref="mime-type">MIME
+ メディアタイプ</glossary>、オプショナルなパラメータ付き。パラメータの構文は
<code>name=value</code>
で、メディアタイプや他のパラメータとはセミコロンで分離されます。
共通のパラメータは以下のとおり:
diff --git a/docs/manual/mod/mod_privileges.xml b/docs/manual/mod/mod_privileges.xml
index b6d141d..f63fb07 100644
--- a/docs/manual/mod/mod_privileges.xml
+++ b/docs/manual/mod/mod_privileges.xml
@@ -58,6 +58,92 @@
</summary>
+<section id="security"><title>Security Considerations</title>
+<p>There are three principal security concerns with mod_privileges:</p>
+<ul><li>Running as a system user introduces the same security issues
+ as mod_suexec, and near-equivalents such as cgiwrap and suphp.</li>
+<li>A privileges-aware malicious user extension (module or script)
+ could escalate its privileges to anything available to the
+ httpd process in any virtual host.</li>
+<li>A privileges-aware malicious user extension (module or script)
+ could escalate privileges to set its user ID to another
+ system user (and/or group).</li>
+</ul>
+
+<p>The first is amply discussed in the suexec page and elsewhere, and
+doesn't need repeating here. The second and third boil down to one
+principle: ensure no untrusted privileges-aware code can be loaded.
+</p>
+
+<p>There are several ways privileges-aware code could be loaded into Apache:</p>
+<ul>
+<li>within the base system (e.g. mod_privileges itself if statically linked).</li>
+<li>Loaded at startup using a LoadModule or LoadFile directive.</li>
+<li>Loaded at startup indirectly by an application module such as mod_php.</li>
+<li>Loaded at runtime by an application module or script.</li>
+</ul>
+
+<p>What gets loaded at startup is under the control of the sysop, and
+relatively easy to deal with. A tool will be provided to audit your
+installation. That leaves code loaded in the course of processing a
+request as the threat. There is unfortunately no generic way apache
+can control what a script running under an application module can load,
+so you should use the security provided by your scripting module
+and language.</p>
+
+<section><title>Security with mod_php</title>
+
+<p>There is no known PHP extension supporting Solaris privileges, so it
+is unlikely that a script could escalate privileges unless it can
+load external (non-PHP) privileges-aware code. However, you should
+nevertheless audit your mod_php installation.</p>
+
+<p>To prevent scripts loading privileges-aware code, PHP's dl() function
+should be disabled. This is automatic in safe mode.</p>
+
+</section>
+
+<section><title>Security with mod_perl</title>
+
+<p>Perl has an extension Sun::Solaris::Privileges that exposes the privileges
+API to scripts. You should ensure this extension is NOT installed if you
+have untrusted users.</p>
+
+<p>You will also need to ensure that your users cannot load shared objects
+(including PerlXS) from their own user directories, or that if this is
+enabled, the entire user-space must be carefully audited.</p>
+</section>
+
+<section><title>Security with mod_python</title>
+
+<p>There is no known Python extension supporting Solaris privileges, so it
+is unlikely that a script could escalate privileges unless it can
+load external (non-Python) privileges-aware code. However, you should
+nevertheless audit your mod_ruby installation.</p>
+
+<p>*** What are the issues of Python loading a shared object?</p>
+</section>
+
+<section><title>Security with mod_ruby</title>
+
+<p>There is no known Ruby extension supporting Solaris privileges, so it
+is unlikely that a script could escalate privileges unless it can
+load external (non-Ruby) privileges-aware code. However, you should
+nevertheless audit your mod_ruby installation.</p>
+
+<p>*** What are the issues of Ruby loading a shared object?</p>
+</section>
+
+<section><title>Security with Lua/mod_wombat</title>
+
+<p>???</p>
+</section>
+<section><title>Security with scripts</title>
+<p>The security issues of mod_privileges do not affect scripts such as
+traditional CGI, which run in a separate process. That includes
+PHP, Perl, Python, Ruby, etc, run out-of-process.</p>
+</section>
+</section>
<directivesynopsis>
<name>VHostUser</name>
<description>Sets the User ID under which a virtual host runs.</description>
diff --git a/modules/http/http_request.c b/modules/http/http_request.c
index fed313b..4da05d2 100644
--- a/modules/http/http_request.c
+++ b/modules/http/http_request.c
@@ -518,6 +518,15 @@
r->output_filters = rr->output_filters;
r->input_filters = rr->input_filters;
+ /* If any filters pointed at the now-defunct rr, we must point them
+ * at our "new" instance of r. In particular, some of rr's structures
+ * will now be bogus (say rr->headers_out). If a filter tried to modify
+ * their f->r structure when it is pointing to rr, the real request_rec
+ * will not get updated. Fix that here.
+ */
+ update_r_in_filters(r->input_filters, rr, r);
+ update_r_in_filters(r->output_filters, rr, r);
+
if (r->main) {
ap_add_output_filter_handle(ap_subreq_core_filter_handle,
NULL, r, r->connection);
@@ -541,20 +550,8 @@
}
if (next && (next->frec == ap_subreq_core_filter_handle)) {
ap_remove_output_filter(next);
- if (next == r->output_filters) {
- r->output_filters = r->output_filters->next;
- }
}
}
-
- /* If any filters pointed at the now-defunct rr, we must point them
- * at our "new" instance of r. In particular, some of rr's structures
- * will now be bogus (say rr->headers_out). If a filter tried to modify
- * their f->r structure when it is pointing to rr, the real request_rec
- * will not get updated. Fix that here.
- */
- update_r_in_filters(r->input_filters, rr, r);
- update_r_in_filters(r->output_filters, rr, r);
}
AP_DECLARE(void) ap_internal_redirect(const char *new_uri, request_rec *r)
