Bug#312385: apache2-common: suexec fails to open log file after a cgi error

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#312385: apache2-common: suexec fails to open log file after a cgi error
From: Arnaud Lavrard <arnaud@greffier.net>
Date: Tue, 07 Jun 2005 22:44:52 +0200
Message-id: <[🔎] 20050607204452.4314D7568C@poomerang.greffier.net>
Reply-to: Arnaud Lavrard <arnaud@greffier.net>, 312385@bugs.debian.org

Package: apache2-common
Version: 2.0.54-4
Severity: normal
Tags: patch


This bug was already reported for apache1 (and is fixed with the patch
018 in the debian source of apache) at
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=153528 ("suEXEC can't
reopen error log when exec() fails").

The same problem occurs with apache2, but the patch can easily be
ported/applied from apache1 (attached).

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: powerpc (ppc)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.9-ck3
Locale: LANG=fr_FR@euro, LC_CTYPE=fr_FR@euro (charmap=ISO-8859-15)

Versions of packages apache2-common depends on:
ii  apache2-utils               2.0.54-4     utility programs for webservers
ii  debconf                     1.4.50       Debian configuration management sy
ii  debianutils                 2.13.2       Miscellaneous utilities specific t
ii  libc6                       2.3.2.ds1-22 GNU C Library: Shared libraries an
ii  libdb4.2                    4.2.52-18    Berkeley v4.2 Database Libraries [
ii  libexpat1                   1.95.8-3     XML parsing C library - runtime li
ii  libgcc1                     1:3.4.3-13   GCC support library
ii  libmagic1                   4.12-1       File type determination library us
ii  mime-support                3.34-1       MIME files 'mime.types' & 'mailcap
ii  net-tools                   1.60-13      The NET-3 networking toolkit
ii  openssl                     0.9.7g-1     Secure Socket Layer (SSL) binary a
ii  ssl-cert                    1.0-11       Simple debconf wrapper for openssl

-- no debconf information

--- build-tree/apache2/support/suexec.c.orig    2005-06-07 21:43:27.193421580 +0200
+++ build-tree/apache2/support/suexec.c 2005-06-07 21:48:50.471585901 +0200
@@ -42,6 +42,8 @@
 #if APR_HAVE_UNISTD_H
 #include <unistd.h>
 #endif
+/* for fcntl(fileno(log), F_SETFD, FD_CLOEXEC); */
+#include <fcntl.h>
 
 #include <stdio.h>
 #include <stdarg.h>
@@ -156,6 +158,8 @@
             perror("fopen");
             exit(1);
         }
+		/* Set the close-on-exec flag -- Liyang HU <liyang@nerv.cx> */
+		fcntl(fileno(log), F_SETFD, FD_CLOEXEC);
     }
 
     time(&timevar);
@@ -578,20 +582,6 @@
     umask(AP_SUEXEC_UMASK);
 #endif /* AP_SUEXEC_UMASK */
 
-    /* 
-     * Be sure to close the log file so the CGI can't
-     * mess with it.  If the exec fails, it will be reopened 
-     * automatically when log_err is called.  Note that the log
-     * might not actually be open if AP_LOG_EXEC isn't defined.
-     * However, the "log" cell isn't ifdef'd so let's be defensive
-     * and assume someone might have done something with it
-     * outside an ifdef'd AP_LOG_EXEC block.
-     */
-    if (log != NULL) {
-        fclose(log);
-        log = NULL;
-    }
-
     /*
      * Execute the command, replacing our image with its own.
      */

Reply to:

Prev by Date: Bug#311776: marked as done (apache-ssl: Basic Authentication does not work)
Next by Date: Top 10 meds bought online
Previous by thread: Bug#311776: Please, close this bug
Next by thread: Top 10 meds bought online
Index(es):
- Date
- Thread