Re: svn commit: r901578 - in /httpd/httpd/trunk: CHANGES modules/http/http_request.c modules/metadata/mod_headers.c server/protocol.c

[Ruediger Pluem]

On 21.01.2010 08:20, wr...@apache.org wrote:
> Author: wrowe
> Date: Thu Jan 21 07:19:41 2010
> New Revision: 901578
> 
> URL: http://svn.apache.org/viewvc?rev=901578&view=rev
> Log:
> Correctly align the behavior of headers_in to be consistent with the
> treatment of headers_out, resolving PR 48359 by keeping subrequest
> scope changes out of the main request headers.  This ensures that all
> requests-without-bodies behave as the requests-with-bodies code has.
> 
> Modified:
> httpd/httpd/trunk/CHANGES
> httpd/httpd/trunk/modules/http/http_request.c
> httpd/httpd/trunk/modules/metadata/mod_headers.c
> httpd/httpd/trunk/server/protocol.c
> 
> Modified: httpd/httpd/trunk/modules/http/http_request.c
> URL: 
> http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/http/http_request.c?rev=901578&r1=901577&r2=901578&view=diff
> ==
> --- httpd/httpd/trunk/modules/http/http_request.c (original)
> +++ httpd/httpd/trunk/modules/http/http_request.c Thu Jan 21 07:19:41 2010
> @@ -442,7 +442,7 @@
>  new->request_time= r->request_time;
>  new->main= r->main;
>  
> -new->headers_in  = r->headers_in;
> +new->headers_in  = apr_table_copy(r->pool, r->headers_in);
>  new->headers_out = apr_table_make(r->pool, 12);
>  new->err_headers_out = r->err_headers_out;
>  new->subprocess_env  = rename_original_env(r->pool, r->subprocess_env);
> @@ -515,6 +515,8 @@
>  r->per_dir_config = rr->per_dir_config;
>  /* copy output headers from subrequest, but leave negotiation headers */
>  r->notes = apr_table_overlay(r->pool, rr->notes, r->notes);
> +r->headers_in = apr_table_overlay(r->pool, rr->headers_in,
> +  r->headers_in);

I think this is wrong. Think of the case where the subrequest does not change
anything on headers_in. In this case the contents of headers_in of the request
and the subrequest are the same (the subrequest has a copy of the requests
table). Doing an apr_table_overlay would result in a table that has all key
value pairs of the original headers_in doubled.

Regards

Rüdiger

Re: next alpha, this Wednesday?

[William A. Rowe Jr.]

On 1/20/2010 11:01 PM, Paul Querna wrote:
> I think i'll take the 1.4.2 APR tag, and try to use APR-Util 1.3.9

That sounds sensible.  I looked at either dropping crypto or backing up
to use the first take (as in the 2.3.4-alpha tarball), but really don't
want to do either hastily, with no feedback from the author.  If this
1.3.9 does the trick, we can take the time to do 1.4 right.

Actually working up a map the inform newer committers of the API argument
logic, and identify the broken API's for 2.0.  Though some might think
it should be obvious from the existing functions, there are a number of
bad examples now to lead the committer astray.

Bill

Re: next alpha, this Wednesday?

[Paul Querna]

I think i'll take the 1.4.2 APR tag, and try to use APR-Util 1.3.9

On Wed, Jan 20, 2010 at 3:17 PM, William A. Rowe Jr.
 wrote:
> On 1/20/2010 4:56 PM, Sander Temme wrote:
>>
>> On Jan 20, 2010, at 9:42 AM, William A. Rowe Jr. wrote:
>>
>>> On 1/20/2010 10:01 AM, Sander Temme wrote:

 And the %lld printf formatter on MacOSX... small, but it does break a test.
>>>
>>> That's fixed on the branch, or no?  About to tag 1.4.2.
>>
>> I'm about to get on a flight, will test once under way.
>
> Sorry - missed it.  It's tagged, and we'll move along to fix more bugs with
> the next release.
>
> I don't see a whole lot of reason to hold up a release if nobody on the 
> platform
> has cared to patch a known flaw in 3 months :)
>
> We can sort of count on a 1.4.3 soon, I have a request to fix a win32 edge 
> case
> for subversion that didn't merit destabilizing this release, but would be a
> great fix to have for windows users, before subversion 1.7 is released.
>
>

Re: [mod_fcgid PATCH] catch errors from setuid()/seteuid()

[pqf]

I man seteuid in my Linux box, there are two types of errors:
ERRORS
   The seteuid() function shall fail if:

   EINVAL The value of the uid argument is invalid and is not supported by 
the implementation.

   EPERM  The  process  does not have appropriate privileges and uid does 
not match the real group ID or the saved set-group-
  ID.

If directly pass 0 in setuid(), EINVAL may not happend
If this process is seteuid from root, EPERM may not happend

so, I think the check is just a textbook logic check? just call _exit(1) if it 
fail? 


--
From: "Jeff Trawick" 
Sent: Thursday, January 21, 2010 5:38 AM
To: 
Subject: [mod_fcgid PATCH] catch errors from setuid()/seteuid()

> During the last hackathon, Paul was kind enough to run the clang/llvm
> static analysis on mod_fcgid
> (http://zeus.kimaker.com/~chip/fcgid-scan/).  That pointed out these
> setuid()/seteuid() calls that aren't checked prior to running a child.
> 
> The error checking itself is simple enough, but there's an ugly aspect
> of the implementation that results in trying to switch effective/real
> uids multiple times that I worked around.  (See the FIXME text in the
> patch.  I'm not aware of a simple solution, especially one simple
> enough to get into 2.3.5)  The seteuid() call would otherwise fail on
> subsequent invocations for the same child.
> 
> IIRC Joe thought that the seteuid() wasn't needed at all, but the
> setuid() fails without it on Solaris.
> 
> Concerns?
> 
> Is there some reason that testing on Linux and Solaris wouldn't be sufficient?
> 

[mod_fcgid PATCH] display elapsed instead of absolute time in server status

[Jeff Trawick]

to represent when process was started and when it was last used.

Any concerns with this somewhat gratuitous change?

(also changes "Requests handled" to "Accesses")

now:

Pid Active  IdleAccessesState
30890   99  0   1479Ready

and after all such tables:

"Active and Idle are time active and time since last request, in seconds."

before:

Pid  Start time Last active timeRequest handled State
18135   1258059310  1258059318  126 Ready
17670   1258059285  1258059327  732 Ready
17671   1258059286  1258059327  948 Ready
18136   1258059310  1258059327  294 Ready
17672   1258059287  1258059320  331 Ready
Index: modules/fcgid/mod_fcgid.c
===
--- modules/fcgid/mod_fcgid.c   (revision 901434)
+++ modules/fcgid/mod_fcgid.c   (working copy)
@@ -295,6 +295,7 @@
 gid_t last_gid = 0;  
 uid_t last_uid = 0;
 apr_size_t last_share_grp_id = 0;
+apr_time_t now;
 const char *last_virtualhost = NULL;
 const char *basename, *tmpbasename;
 fcgid_procnode *proc_table = proctable_get_table_array();
@@ -353,6 +354,8 @@
 }
 proctable_unlock(r);
 
+now = apr_time_now();
+
 /* Sort the array */
 if (num_ent != 0)
 qsort((void *)ar, num_ent, sizeof(fcgid_procnode *),
@@ -383,8 +386,8 @@
 
 /* Create a new table for this process info */
 ap_rputs("\n\n"
- "PidStart timeLast active time"
- "Requests handledState"
+ "PidActiveIdle"
+ "AccessesState"
  "\n", r);
 
 last_inode = current_node->inode;
@@ -396,13 +399,18 @@
 }
 
 ap_rprintf(r, "%" APR_PID_T_FMT "%" APR_TIME_T_FMT 
"%" APR_TIME_T_FMT "%d%s",
-   current_node->proc_id.pid, 
apr_time_sec(current_node->start_time),
-   apr_time_sec(current_node->last_active_time),
+   current_node->proc_id.pid,
+   apr_time_sec(now - current_node->start_time),
+   apr_time_sec(now - current_node->last_active_time),
current_node->requests_handled,
get_state_desc(current_node));
 }
-if (num_ent != 0)
+if (num_ent != 0) {
 ap_rputs("\n\n", r);
+ap_rputs("\n"
+ "Active and Idle are time active and time 
since\n"
+ "last request, in seconds.\n", r);
+}
 
 return OK;
 }

Re: next alpha, this Wednesday?

[William A. Rowe Jr.]

On 1/20/2010 4:56 PM, Sander Temme wrote:
> 
> On Jan 20, 2010, at 9:42 AM, William A. Rowe Jr. wrote:
> 
>> On 1/20/2010 10:01 AM, Sander Temme wrote:
>>>
>>> And the %lld printf formatter on MacOSX... small, but it does break a test.
>>
>> That's fixed on the branch, or no?  About to tag 1.4.2.
> 
> I'm about to get on a flight, will test once under way. 

Sorry - missed it.  It's tagged, and we'll move along to fix more bugs with
the next release.

I don't see a whole lot of reason to hold up a release if nobody on the platform
has cared to patch a known flaw in 3 months :)

We can sort of count on a 1.4.3 soon, I have a request to fix a win32 edge case
for subversion that didn't merit destabilizing this release, but would be a
great fix to have for windows users, before subversion 1.7 is released.

Re: next alpha, this Wednesday?

[Sander Temme]

On Jan 20, 2010, at 9:42 AM, William A. Rowe Jr. wrote:

> On 1/20/2010 10:01 AM, Sander Temme wrote:
>> 
>> And the %lld printf formatter on MacOSX... small, but it does break a test.
> 
> That's fixed on the branch, or no?  About to tag 1.4.2.

I'm about to get on a flight, will test once under way. 

S.

-- 
Sander Temme
scte...@apache.org
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF





smime.p7s
Description: S/MIME cryptographic signature

Re: DO NOT REPLY [Bug 48359] Buffer overflow related to setting RequestHeader

[Nick Kew]

On 20 Jan 2010, at 10:47, bugzi...@apache.org wrote:

> https://issues.apache.org/bugzilla/show_bug.cgi?id=48359
> 
> --- Comment #7 from Ruediger Pluem  2010-01-20 03:47:50 
> CET ---
> (In reply to comment #6)
>> It's a RFC - if your comment represents a +1, I'm happy to revert and commit
>> a patch based on his proposal - I was looking for a sanity check from the
>> other committers who had reviewed the original fix.
> 
> Yes, this a +1.

-1 for anything that's a candidate for backport to 2.2.
Unless someone can convince me otherwise.

This raises an issue of what exactly is a subrequest.  It's a mix of the
parent request and separate (new) fields, and request headers come
from the parent. There are probably modules that rely on this (without
risking the bug we're dealing with), and they'll break if we change it.

Using r->pool is IMHO the lesser of two evils.

-- 
Nick Kew

[mod_fcgid PATCH] catch errors from setuid()/seteuid()

[Jeff Trawick]

During the last hackathon, Paul was kind enough to run the clang/llvm
static analysis on mod_fcgid
(http://zeus.kimaker.com/~chip/fcgid-scan/).  That pointed out these
setuid()/seteuid() calls that aren't checked prior to running a child.

The error checking itself is simple enough, but there's an ugly aspect
of the implementation that results in trying to switch effective/real
uids multiple times that I worked around.  (See the FIXME text in the
patch.  I'm not aware of a simple solution, especially one simple
enough to get into 2.3.5)  The seteuid() call would otherwise fail on
subsequent invocations for the same child.

IIRC Joe thought that the seteuid() wasn't needed at all, but the
setuid() fails without it on Solaris.

Concerns?

Is there some reason that testing on Linux and Solaris wouldn't be sufficient?
Index: modules/fcgid/fcgid_proc_unix.c
===
--- modules/fcgid/fcgid_proc_unix.c (revision 901320)
+++ modules/fcgid/fcgid_proc_unix.c (working copy)
@@ -160,10 +160,44 @@
 return APR_SUCCESS;
 }
 
+static void log_setid_failure(const char *id_type,
+   uid_t user_id)
+{
+char errno_desc[120];
+char errmsg[240];
+
+apr_strerror(errno, errno_desc, sizeof errno_desc);
+apr_snprintf(errmsg, sizeof errmsg,
+ "(%d)%s: mod_fcgid child unable to set %s to %ld\n",
+ errno, errno_desc, id_type, (long)user_id);
+write(STDERR_FILENO, errmsg, strlen(errmsg));
+}
+
+/* FIXME 
+ * When using suexec, mod_fcgid registers this child cleanup
+ * with the pool for every FastCGI application as a way of
+ * switching user ids in the child before running suexec.
+ * But such a cleanup will be run for every such pool.  IOW,
+ * when creating the third FastCGI application process this
+ * cleanup will run three times before exec-ing.
+ * ap_unixd_config.user_id is invariant, so this does not
+ * cause an operational problem.  Note that seteuid(0) only
+ * works the first time, or until the first setuid(), so skip
+ * subsequent calls by checking the uid.
+ */
 static apr_status_t exec_setuid_cleanup(void *dummy)
 {
-seteuid(0);
-setuid(ap_unixd_config.user_id);
+if (getuid() != ap_unixd_config.user_id) {
+if (seteuid(0) == -1) {
+log_setid_failure("effective uid", 0);
+_exit(1);
+}
+
+if (setuid(ap_unixd_config.user_id) == -1) {
+log_setid_failure("uid", ap_unixd_config.user_id);
+_exit(1);
+}
+}
 return APR_SUCCESS;
 }
 
@@ -227,7 +261,10 @@
 return errno;
 }
 
-/* Unlink it when process exit */
+/* Register a cleanup to
+ * 1. Unlink the socket when the process exits
+ * 2. (suexec mode only, in the child cleanup) Switch to the configured uid
+ */
 if (ap_unixd_config.suexec_enabled) {
 apr_pool_cleanup_register(procnode->proc_pool,
   procnode, socket_file_cleanup,

Hackathon reminder 1/25 & 1/26

[William A. Rowe Jr.]

Just a quick reminder that the httpd & incubating Traffic Server
hackathon happens at the Google Campus in Mountain View CA this
coming Mon and Tues.  There's still time to register, just add
yourself to the wiki page at;

  http://wiki.apache.org/httpd/HTTPD%2BTS%2BHackathon

and expect the simulcast to occur on the irc.freenode.net #httpd-dev
channel, with open questions submitted to this list.  See you there!

Re: tagging mod_fcgid-2.3.5 in the next day or so...anything in-progress?

[Jeff Trawick]

On Wed, Jan 20, 2010 at 12:41 PM, William A. Rowe Jr.
 wrote:
> On 1/20/2010 6:05 AM, Jeff Trawick wrote:
>> Let me know if another day or two would help.  (I'll look at a couple
>> of issues myself to see if they have simple/safe solutions.)
>
> Actually, if you can tag this by tomorrow afternoon, I should be able
> to vote on it before the weekend, otherwise I won't be testing anything
> until next week.

will-do

Re: next alpha, this Wednesday?

[William A. Rowe Jr.]

On 1/20/2010 10:01 AM, Sander Temme wrote:
> 
> And the %lld printf formatter on MacOSX... small, but it does break a test.

That's fixed on the branch, or no?  About to tag 1.4.2.

Re: tagging mod_fcgid-2.3.5 in the next day or so...anything in-progress?

[William A. Rowe Jr.]

On 1/20/2010 6:05 AM, Jeff Trawick wrote:
> Let me know if another day or two would help.  (I'll look at a couple
> of issues myself to see if they have simple/safe solutions.)

Actually, if you can tag this by tomorrow afternoon, I should be able
to vote on it before the weekend, otherwise I won't be testing anything
until next week.  I have nothing to add in 2.3.5, my next ideas are
novel enough to be destabilizing, and 2.3.5 should be the bandaid to 2.3.4
regressions.

Re: next alpha, this Wednesday?

[Sander Temme]

On Jan 19, 2010, at 6:14 PM, William A. Rowe Jr. wrote:

>> For APR, we can use 1.4.1:
>> http://svn.apache.org/repos/asf/apr/apr/tags/1.4.1/
> 
> Actually 1.4.1 is going not-released, because of a significant hash/table
> regression.  But I'll make life easy, and tag 1.4.2 [essentially 1.4.1 less
> that broken commit] before lunchtime tomorrow.  As 1.4.1 saw no -other-
> objections than this problem observed at SVN, there's almost no reason
> it won't be approved.

And the %lld printf formatter on MacOSX... small, but it does break a test.

S.

-- 
Sander Temme
scte...@apache.org
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF





smime.p7s
Description: S/MIME cryptographic signature

tagging mod_fcgid-2.3.5 in the next day or so...anything in-progress?

[Jeff Trawick]

Let me know if another day or two would help.  (I'll look at a couple
of issues myself to see if they have simple/safe solutions.)

RE: ErrorDocument and ProxyErrorOverride

[Mark Watts]

On Tue, 2010-01-19 at 16:54 -0800, Jeff Tharp wrote:
> That does fix this issue, but the browser still gets a 200 instead of a 404.  
> I know that's caused some confusion for our operation as well.  Think about 
> SEO here -- we have a site behind an Apache-based reverse proxy.  We want to 
> use ProxyErrorOverride and ErrorDocument to make sure we send proper error 
> pages no matter what the backend application spits out (because often times 
> its more like a stack trace than a nice human-readable page).  Yet, if we 
> trigger a 404, we send a 200 back, which of course means a search engine 
> crawler misses the original 404.  I need ProxyErrorOverride on to deal with 
> the 500/503 type errors from the backend.  And thus I can't send a nice 404 
> from the backend, because the proxy will still override it.  So how do I 
> return a clean 404 in that scenario?

Thats annoying - I'd only been looking at the logs since that was what I
was worried about, but now you mention it, returning a 404 to the client
is just as important :/

Mark.

>  Jeff Tharp, System Administrator ESRI - Redlands, CA
>  http://www.esri.com 
> 
> -Original Message-
> From: Mark Watts [mailto:m.wa...@eris.qinetiq.com] 
> Sent: Tuesday, January 19, 2010 1:12 AM
> To: dev@httpd.apache.org
> Subject: Re: ErrorDocument and ProxyErrorOverride
> 
> 
> > What appears in the log file of the proxy depends on how the access
> > log line is configured.
> > 
> > Have a look here
> > http://httpd.apache.org/docs/2.2/mod/mod_log_config.html#formats
> > 
> > If you have %s in your CustomLog directive, you'll log the 404. If you
> > have %>s you'll log the 200.
> 
> Bingo!
> 
> I do indeed have %>s in my LogFormat, which I'd never noticed before
> (ahh, the joys of cut 'n paste)
> 
> Thanks for this.
> 
> Mark.
> 

-- 
Mark Watts BSc RHCE MBCS
Senior Systems Engineer, Managed Services Manpower
www.QinetiQ.com
QinetiQ - Delivering customer-focused solutions
GPG Key: http://www.linux-corner.info/mwatts.gpg


signature.asc
Description: This is a digitally signed message part

Re: ErrorDocument and ProxyErrorOverride

[Sorin Manolache]

On Wed, Jan 20, 2010 at 01:54, Jeff Tharp  wrote:
> That does fix this issue, but the browser still gets a 200 instead of a 404.  
> I know that's caused some confusion for our operation as well.  Think about 
> SEO here -- we have a site behind an Apache-based reverse proxy.  We want to 
> use ProxyErrorOverride and ErrorDocument to make sure we send proper error 
> pages no matter what the backend application spits out (because often times 
> its more like a stack trace than a nice human-readable page).  Yet, if we 
> trigger a 404, we send a 200 back, which of course means a search engine 
> crawler misses the original 404.  I need ProxyErrorOverride on to deal with 
> the 500/503 type errors from the backend.  And thus I can't send a nice 404 
> from the backend, because the proxy will still override it.  So how do I 
> return a clean 404 in that scenario?

I understand your problem, we had and still have the same problem.

I guess, I am not sure though, that you simply cannot get a 404 by
configuration only, if the error page is served via an HTTP request.
You'll get the 404 in the case in which you have ErrorDocument 404
/local_file_on_the_reverse_proxy.

Maybe there could be some ways to still get the 404, but you need code.

For example, you could think of hooking proxy_request_status(int
*status, request_rec *r). There you could write

*status = r->prev->status. (r is the request that fetches the error
page and r->prev is the original request that gave you the 404.)

Next you will have to prevent apache to think that it got a recursive
error (error getting the error document). I don't know how to do that,
you'll have to dig into the apache sources.

Another line of thought is to hook insert_error_filter and there to
set a custom filter that sets the error code of the request that
fetches the error document. But I am just brainstorming, I do not know
if any of these ideas work.

Sorin

P.S. I think this discussion is more suited to the modules-dev mailing list.