On Thursday, March 20, 2003, at 01:50 PM, [EMAIL PROTECTED] wrote:
wrowe 2003/03/20 13:50:41
Modified: . CHANGES modules/loggers mod_log_config.c modules/mappers mod_rewrite.c server log.c mpm_common.c server/mpm/worker pod.c Log: SECURITY: Eliminated leaks of several file descriptors to child processes, such as CGI scripts.
[...]
apr_sockaddr_info_get(&(*pod)->sa, ap_listeners->bind_addr->hostname,
APR_UNSPEC, ap_listeners->bind_addr->port, 0, p);
+ /* close these before exec. */ + apr_file_unset_inherit((*pod)->pod_in); + apr_file_unset_inherit((*pod)->pod_out); + return APR_SUCCESS;
The PODs in the worker MPM are getting closed and the parent is then unable to kill its children when it needs to (don't you love how morbid that sounds?). I see one of these every second in the error log:
[Thu Mar 20 18:09:25 2003] [warn] (32)Broken pipe: write pipe_of_death
Since the unset_inherit() is being called from the open_logs hook, it's happening in the parent process, which means that the fork for the children is going to kill them off. We need to unset the inherit *after* we are running in the child.
-aaron
