Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Apache Software Businesses Apple

Apple Offers Fix For Apache HFS Security Hole 3

yuck72 writes: "According to an article http://www.stepwise.com/Articles/News/2001-06-15.0 1.html on Stepwise, Apple has apparently open-sourced their mod_hfs (and others) for Apache which provides a fix for the HFS security hole that was discovered last week." Source code for the Apple-created modules is released under the APSL, while the other fixes are under the GPL.
This discussion has been archived. No new comments can be posted.

Apple Offers Fix For Apache HFS Security Hole

Comments Filter:
  • Well, no, not newsworthy as a bugfix.

    A main point is that Apple was criticized and responded with an open-source fix which we can audit, verify, and improve.

    It also hints at the precedent that Apple's future responses to these sorts of issues will permit scrutiny by the open-source community. Apple is being closely watched to see how friendly they are to us. So far they're quite friendly. This is reassuring.

  • LOL. 5 comments? Where are all the slashdotters that hammered Apple 48 hours ago about this issue? Now a patch is out 3 days later, and they're gone.

    Don't worry, they'll be back to cry "apple is going out of business" next time there is an Apple article.

  • Apple isn't off the hook yet, and those gloaters need to stop.

    The SecurityFocus report was issued June 10. The patch was NOT issued "3 days later", as mentioned. In fact the patch had been incorporated into OSX server, so it was ready much earlier. However, there are now reports that the patch is incomplete and does not address the issue correctly. Go figure.

    But again, the real issue here should be the fact that the "patch": is unavailable via software update...includes no instructions for installation...isn't qualified for OSX (not the Server, mind you, the consumer version)...is not accompanied with so much as a security advisory from Apple.

    Clearly for a security threat--and lets be honest, SecurityFocus thinks so, as do others, IT IS A THREAT THAT NEEDS DEALT WITH--Apple has not even bothered with it. Their Security-Announce mailing list archive shows they didn't even send out an announcement about it. We can argue til we're blue about the severity of the threat, but I take the side that regardless of threat, it needs to be addressed, and Apple is going about that the wrong way.

    If Apple's Open Source "movement" were healthy, this would not have occurred.

"The one charm of marriage is that it makes a life of deception a neccessity." - Oscar Wilde

Working...