Bug#425248: marked as done (apache2.2-common: apache2 may be killed by logrotate job)

2007-08-15 Thread Debian Bug Tracking System
Your message dated Wed, 15 Aug 2007 22:01:20 +
with message-id [EMAIL PROTECTED]
and subject line Bug#298689: fixed in apache2 2.2.3-4+etch1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

---BeginMessage---
Package: apache2.2-common
Version: 2.2.3-4
Severity: normal

There are two different problems, in /etc/init.d/apache2 restart
function you use sleep 10 between start and stop, but 10 seconds is not
enough in the case where some children cannot be killed easily. So it tries
to stop the server, and tries to start it before it is stopped so it is
not able to start the server. This is not very important if no scripts are
calling restart.

But /etc/logrotate.d/apache2 does. A good idea would be to use reload
instead of restart. In the first case you may kill legitimate processes and
you have at least ten seconds of service outage (or more if the server
doesn't restart...) which may be very bad on high availability services,
in the second case you may lose some lines of logs and that's all.

(needless to say that this happened to me several times)

It may be an easy DoS attack, you just have to overload an apache server
at 6:25 AM, with the overload it is going to take more than 10 seconds to
stop and it will not restart, enjoy!

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.21.1-grsec
Locale: LANG=en_US.ISO-8859-15, LC_CTYPE=en_US.ISO-8859-15 (charmap=ISO-8859-15)

Versions of packages apache2.2-common depends on:
ii  apache2-utils  2.2.3-4      utility programs for webservers
ii  libmagic1      4.17-5etch1  File type determination library us
ii  lsb-base       3.1-23.1     Linux Standard Base 3.1 init scrip
ii  mime-support   3.39-1       MIME files 'mime.types'  'mailcap
ii  net-tools      1.60-17      The NET-3 networking toolkit
ii  procps         1:3.2.7-3    /proc file system utilities

apache2.2-common recommends no packages.

-- no debconf information

---End Message---
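
Added example, not part of the bug report and not the Debian init script: a restart helper that polls for the old process to exit, with a timeout, instead of relying on a fixed sleep 10, and refuses to start if the process is still alive. The function names and the slow_server stand-in are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example (not the Debian init script): wait for the old process to
# exit before starting, instead of assuming a fixed "sleep 10" is enough.

# wait_for_exit PID TIMEOUT
# Polls once per second. Returns 0 as soon as PID is gone, 1 if it is
# still alive after TIMEOUT seconds.
wait_for_exit() {
    pid=$1
    remaining=$2
    while kill -0 "$pid" 2>/dev/null; do
        [ "$remaining" -le 0 ] && return 1
        sleep 1
        remaining=$((remaining - 1))
    done
    return 0
}

# restart_when_stopped PID TIMEOUT START_COMMAND [ARGS...]
# Sends TERM, then runs START_COMMAND only once PID has really exited.
# On timeout it reports the failure instead of starting into a busy port.
restart_when_stopped() {
    pid=$1
    timeout=$2
    shift 2
    kill -TERM "$pid" 2>/dev/null
    if ! wait_for_exit "$pid" "$timeout"; then
        echo "pid $pid still running after ${timeout}s; not starting" >&2
        return 1
    fi
    "$@"
}

# Constructed stand-in for a loaded server: after TERM it needs DELAY more
# seconds to exit. The PID is left in SERVER_PID.
slow_server() {
    sh -c 'trap "sleep $0; exit 0" TERM; while :; do sleep 1; done' "$1" &
    SERVER_PID=$!
}
```

A non-zero return from restart_when_stopped is the signal a caller such as a logrotate postrotate script can act on (retry, escalate or alert) rather than leaving the service down unnoticed.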
---BeginMessage---
Source: apache2
Source-Version: 2.2.3-4+etch1

We believe that the bug you reported is fixed in the latest version of
apache2, which is due to be installed in the Debian FTP archive:

apache2-doc_2.2.3-4+etch1_all.deb
  to pool/main/a/apache2/apache2-doc_2.2.3-4+etch1_all.deb
apache2-mpm-event_2.2.3-4+etch1_i386.deb
  to pool/main/a/apache2/apache2-mpm-event_2.2.3-4+etch1_i386.deb
apache2-mpm-perchild_2.2.3-4+etch1_all.deb
  to pool/main/a/apache2/apache2-mpm-perchild_2.2.3-4+etch1_all.deb
apache2-mpm-prefork_2.2.3-4+etch1_i386.deb
  to pool/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch1_i386.deb
apache2-mpm-worker_2.2.3-4+etch1_i386.deb
  to pool/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch1_i386.deb
apache2-prefork-dev_2.2.3-4+etch1_i386.deb
  to pool/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch1_i386.deb
apache2-src_2.2.3-4+etch1_all.deb
  to pool/main/a/apache2/apache2-src_2.2.3-4+etch1_all.deb
apache2-threaded-dev_2.2.3-4+etch1_i386.deb
  to pool/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch1_i386.deb
apache2-utils_2.2.3-4+etch1_i386.deb
  to pool/main/a/apache2/apache2-utils_2.2.3-4+etch1_i386.deb
apache2.2-common_2.2.3-4+etch1_i386.deb
  to pool/main/a/apache2/apache2.2-common_2.2.3-4+etch1_i386.deb
apache2_2.2.3-4+etch1.diff.gz
  to pool/main/a/apache2/apache2_2.2.3-4+etch1.diff.gz
apache2_2.2.3-4+etch1.dsc
  to pool/main/a/apache2/apache2_2.2.3-4+etch1.dsc
apache2_2.2.3-4+etch1_all.deb
  to pool/main/a/apache2/apache2_2.2.3-4+etch1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Stefan Fritsch [EMAIL PROTECTED] (supplier of updated apache2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 13 Jun 2007 18:27:31 +0200
Source: apache2
Binary: apache2-utils apache2-prefork-dev apache2 apache2-mpm-prefork 
apache2-doc apache2-mpm-event apache2.2-common apache2-mpm-worker apache2-src 
apache2-threaded-dev apache2-mpm-perchild
Architecture: source all 

Bug#425248: marked as done (apache2.2-common: apache2 may be killed by logrotate job)

2007-06-19 Thread Debian Bug Tracking System
Your message dated Tue, 19 Jun 2007 07:52:15 +
with message-id [EMAIL PROTECTED]
and subject line Bug#298689: fixed in apache2 2.2.3-4+etch1
has caused the attached Bug report to be marked as done.
