On Thu, 20 Mar 2003, Aaron Bannert wrote:
Hi,
> > Log:
> > SECURITY: Eliminated leaks of several file descriptors to child
> > processes, such as CGI scripts.
>
> [...]
>
> > apr_sockaddr_info_get(&(*pod)->sa,
> > ap_listeners->bind_addr->hostname,
> > APR_UNSPEC,
> > ap_listeners->bind_addr->port, 0, p);
> >
> > + /* close these before exec. */
> > + apr_file_unset_inherit((*pod)->pod_in);
> > + apr_file_unset_inherit((*pod)->pod_out);
> > +
> > return APR_SUCCESS;
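Review bot: the comment `/* close these before exec. */` above the two added `apr_file_unset_inherit()` calls does not say which process is expected to run this code. The calls sit at the end of the pod setup, directly before `return APR_SUCCESS;`, so both pipe ends are marked once at creation time. If processes forked later still need `pod_in` and `pod_out`, that requirement should be written into the comment, or the calls should move to the point where the process that will exec is already running.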
>
> The PODs in the worker MPM are getting closed and the parent is then
> unable to kill its children when it needs to (don't you love how
> morbid that sounds?). I see one of these every second in the error log:
>
> [Thu Mar 20 18:09:25 2003] [warn] (32)Broken pipe: write pipe_of_death
>
> Since the unset_inherit() is being called from the open_logs hook, it's
> happening in the parent process, which means that the fork for
> the children is going to kill them off. We need to unset the inherit
> *after* we are running in the child.
I am not really familiar with worker, but what about this (untested)?
Does
a) pod work again and
b) are the fds still closed on exec?
--- httpd-2.0/server/mpm/worker/pod.c.orig Fri Mar 21 08:20:07 2003
+++ httpd-2.0/server/mpm/worker/pod.c Fri Mar 21 08:20:27 2003
@@ -75,10 +75,6 @@
apr_file_pipe_timeout_set((*pod)->pod_in, 0);
*/
(*pod)->p = p;
-
- /* close these before exec. */
- apr_file_unset_inherit((*pod)->pod_in);
- apr_file_unset_inherit((*pod)->pod_out);
return APR_SUCCESS;
}
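Review bot: once the two `apr_file_unset_inherit()` calls and their comment are removed before `return APR_SUCCESS;`, nothing in pod.c records that `pod_in` and `pod_out` must not reach exec'd programs. Suggest leaving a one-line comment at this spot naming the place that is now responsible for marking them, so that another caller of this setup function does not quietly bring back the descriptor leak the original commit was fixing.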
--- httpd-2.0/server/mpm/worker/worker.c.orig Fri Mar 21 08:20:31 2003
+++ httpd-2.0/server/mpm/worker/worker.c Fri Mar 21 08:21:48 2003
@@ -1387,6 +1387,10 @@
#endif
RAISE_SIGSTOP(MAKE_CHILD);
+ /* close these before exec. */
+ apr_file_unset_inherit((*pod)->pod_in);
+ apr_file_unset_inherit((*pod)->pod_out);
+
apr_signal(SIGTERM, just_die);
child_main(slot);
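Review bot: the added calls use `(*pod)->pod_in` and `(*pod)->pod_out`, copied unchanged from pod.c, where `pod` is dereferenced as a pointer to a pointer. The worker.c context lines shown here (`RAISE_SIGSTOP(MAKE_CHILD);`, `child_main(slot);`) give no sign that a `pod` of that type is in scope, so check that this compiles and adjust the expression to whatever the pod handle is called in this function. The comment `/* close these before exec. */` should also say that the marking is done here, in the child after the fork, and why it cannot be done at pod creation.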
Else we would need something in apr that only sets child_cleanup_fn and
not both, I think ...
--
Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT
56 69 73 69 74 http://www.zabbadoz.net/