On Wed, Jul 11, 2001 at 07:43:14AM -0700, [EMAIL PROTECTED] wrote: > > APR doesn't really handle signals, for a very good reason. They are > incredibly non-portable, and very difficult to deal with. Having said > that, there are some APR functions for dealing with signals. > > 1) apr_signal. Just like signal, only portable and predictable > > 2) apr_signal_thread puts a single thread into sigwait. Whenever ANY > signal is received that thread is woken up, and a function is called. The > function is passed in to the setup_signal_thread function. > > 3) You can get a list of signals understood by the machine. I can't > remember the function, but it is there. > > Most of Apache specifically tries to avoid any signals, although the > parent still relies on SIGWINCH, SIGTERM, and SIGHUP. And the children > rely on SIGTERM and sometimes on SIGINT.
okay... so... what you are saying, effectively, is that apache is vulnerable to a SIGPIPE DOS attack, amongst others. for xvl, i think... i think what i will do is simply rip all of the signal handling / fault / blocking etc. code out. xvl doesn't use apr_signal_thread() - it doesn't use threads [yet :)] when this issue has been addressed [DOS attacks possible via signals], i'll follow suit. all best, luke
