Re: error_time reset in proxy_util.c

2015-03-05 Thread Eric Covener
On Thu, Mar 5, 2015 at 11:14 AM, Ruediger Pluem rpl...@apache.org wrote: I suspect that the worker was already set to error by a parallel thread / process and hence PROXY_WORKER_IS_USABLE(worker) is false and causes worker->s->error_time to be reset which causes the worker to be open for

Re: error_time reset in proxy_util.c

2015-03-05 Thread Ruediger Pluem
On 03/05/2015 05:29 PM, Eric Covener wrote: On Thu, Mar 5, 2015 at 11:14 AM, Ruediger Pluem rpl...@apache.org wrote: I suspect that the worker was already set to error by a parallel thread / process and hence PROXY_WORKER_IS_USABLE(worker) is false and causes worker->s->error_time to be

Re: svn commit: r1664205 - in /httpd/httpd/trunk: CHANGES server/protocol.c

2015-03-05 Thread Yann Ylavic
On Thu, Mar 5, 2015 at 10:09 AM, Ruediger Pluem rpl...@apache.org wrote: On 03/05/2015 10:01 AM, Yann Ylavic wrote: On Thu, Mar 5, 2015 at 9:38 AM, Ruediger Pluem rpl...@apache.org wrote: Don't we need to have the following in addition to avoid a crash in another path? Index: protocol.c

Re: svn commit: r1664205 - in /httpd/httpd/trunk: CHANGES server/protocol.c

2015-03-05 Thread Ruediger Pluem
On 03/05/2015 03:33 AM, cove...@apache.org wrote: Author: covener Date: Thu Mar 5 02:33:16 2015 New Revision: 1664205 URL: http://svn.apache.org/r1664205 Log: *) SECURITY: CVE-2015-0253 (cve.mitre.org) core: Fix a crash introduced in with ErrorDocument 400 pointing to a

Re: svn commit: r1664205 - in /httpd/httpd/trunk: CHANGES server/protocol.c

2015-03-05 Thread Yann Ylavic
On Thu, Mar 5, 2015 at 9:38 AM, Ruediger Pluem rpl...@apache.org wrote: Don't we need to have the following in addition to avoid a crash in another path? Index: protocol.c === --- protocol.c (revision 1664261) +++

Re: Event and RINGs

2015-03-05 Thread Yann Ylavic
On Wed, Mar 4, 2015 at 7:59 PM, Jim Jagielski j...@jagunet.com wrote: I am wondering if we are continuing to use RINGs in places where we should really migrate to using skiplists. afaict, we used RINGs initially because it was the only valid and available data structure we could use, but it

Re: svn commit: r1664205 - in /httpd/httpd/trunk: CHANGES server/protocol.c

2015-03-05 Thread Ruediger Pluem
On 03/05/2015 10:01 AM, Yann Ylavic wrote: On Thu, Mar 5, 2015 at 9:38 AM, Ruediger Pluem rpl...@apache.org wrote: Don't we need to have the following in addition to avoid a crash in another path? Index: protocol.c === ---

Re: svn commit: r1664118 - in /httpd/httpd/branches/2.4.x: ./ CHANGES STATUS modules/lua/lua_request.c

2015-03-05 Thread Ruediger Pluem
On 03/04/2015 08:18 PM, cove...@apache.org wrote: Author: covener Date: Wed Mar 4 19:18:27 2015 New Revision: 1664118 URL: http://svn.apache.org/r1664118 Log: Merge r1657261 from trunk: *) SECURITY: CVE-2015-0228 (cve.mitre.org) mod_lua: A maliciously crafted websockets PING

Re: Run external RewriteMap program as non-root

2015-03-05 Thread Ruediger Pluem
On 03/05/2015 07:55 AM, Jan Kaluža wrote: Hi, currently, the External Rewriting Program (RewriteMap prg:) is run as root. I would like to change it but I see three ways to do it: 1. Execute it right after drop_privileges hook. This looks like the best way, but I haven't found any

error_time reset in proxy_util.c

2015-03-05 Thread Ruediger Pluem
I am currently hunting down an issue where a balancer member that is set to error is reused before the retry time runs out. I think the reason is some race condition around line 2900 in proxy_util.c /* * Put the entire worker to error state if * the PROXY_WORKER_IGNORE_ERRORS flag

AW: Run external RewriteMap program as non-root

2015-03-05 Thread Plüm, Rüdiger, Vodafone Group
-Original Message- From: Jan Kaluža [mailto:jkal...@redhat.com] Sent: Thursday, 5 March 2015 14:08 To: dev@httpd.apache.org Subject: Re: Run external RewriteMap program as non-root On 03/05/2015 12:53 PM, Yann Ylavic wrote: On Thu, Mar 5, 2015 at 12:08 PM, Jan

Re: Run external RewriteMap program as non-root

2015-03-05 Thread Yann Ylavic
On Thu, Mar 5, 2015 at 12:08 PM, Jan Kaluža jkal...@redhat.com wrote: On 03/05/2015 07:55 AM, Jan Kaluža wrote: 3. Execute it where it is now (post_config), but set user/group using apr_procattr_t. So far I think this would duplicate the code of mod_unixd and would probably have to also

Re: Run external RewriteMap program as non-root

2015-03-05 Thread André Malo
* Jan Kaluža wrote: Hi, currently, the External Rewriting Program (RewriteMap prg:) is run as root. I would like to change it but I see three ways to do it: 1. Execute it right after drop_privileges hook. This looks like the best way, but I haven't found any hook which could be used for

Re: Run external RewriteMap program as non-root

2015-03-05 Thread Jan Kaluža
On 03/05/2015 07:55 AM, Jan Kaluža wrote: Hi, currently, the External Rewriting Program (RewriteMap prg:) is run as root. I would like to change it but I see three ways to do it: 1. Execute it right after drop_privileges hook. This looks like the best way, but I haven't found any hook which

Re: Run external RewriteMap program as non-root

2015-03-05 Thread Yann Ylavic
On Thu, Mar 5, 2015 at 10:48 AM, André Malo n...@perlig.de wrote: 5) Let it drop the privileges by itself. I actually tend to 5 :-) +1

Re: Run external RewriteMap program as non-root

2015-03-05 Thread Jan Kaluža
On 03/05/2015 09:54 AM, Jan Kaluža wrote: On 03/05/2015 09:03 AM, Ruediger Pluem wrote: On 03/05/2015 07:55 AM, Jan Kaluža wrote: Hi, currently, the External Rewriting Program (RewriteMap prg:) is run as root. I would like to change it but I see three ways to do it: 1. Execute it right

Re: Run external RewriteMap program as non-root

2015-03-05 Thread Eric Covener
On Thu, Mar 5, 2015 at 4:48 AM, André Malo n...@perlig.de wrote: 5) Let it drop the privileges by itself. I actually tend to 5 :-) +1 (as a new option as described in a followup) -- Eric Covener cove...@gmail.com

Re: Run external RewriteMap program as non-root

2015-03-05 Thread Jan Kaluža
On 03/05/2015 12:53 PM, Yann Ylavic wrote: On Thu, Mar 5, 2015 at 12:08 PM, Jan Kaluža jkal...@redhat.com wrote: On 03/05/2015 07:55 AM, Jan Kaluža wrote: 3. Execute it where it is now (post_config), but set user/group using apr_procattr_t. So far I think this would duplicate the code of