Bug#312385: apache2-common: suexec fails to open log file after a cgi error
Package: apache2-common
Version: 2.0.54-4
Severity: normal
Tags: patch
This bug was already reported for apache1 (and is fixed with the patch
018 in the debian source of apache) at
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=153528 ("suEXEC can't
reopen error log when exec() fails").
The same problem occurs with apache2, but the patch can easily be
ported/applied from apache1 (attached).
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: powerpc (ppc)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.9-ck3
Locale: LANG=fr_FR@euro, LC_CTYPE=fr_FR@euro (charmap=ISO-8859-15)
Versions of packages apache2-common depends on:
ii apache2-utils 2.0.54-4 utility programs for webservers
ii debconf 1.4.50 Debian configuration management sy
ii debianutils 2.13.2 Miscellaneous utilities specific t
ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an
ii libdb4.2 4.2.52-18 Berkeley v4.2 Database Libraries [
ii libexpat1 1.95.8-3 XML parsing C library - runtime li
ii libgcc1 1:3.4.3-13 GCC support library
ii libmagic1 4.12-1 File type determination library us
ii mime-support 3.34-1 MIME files 'mime.types' & 'mailcap
ii net-tools 1.60-13 The NET-3 networking toolkit
ii openssl 0.9.7g-1 Secure Socket Layer (SSL) binary a
ii ssl-cert 1.0-11 Simple debconf wrapper for openssl
-- no debconf information
--- build-tree/apache2/support/suexec.c.orig 2005-06-07 21:43:27.193421580 +0200
+++ build-tree/apache2/support/suexec.c 2005-06-07 21:48:50.471585901 +0200
@@ -42,6 +42,8 @@
#if APR_HAVE_UNISTD_H
#include <unistd.h>
#endif
+/* for fcntl(fileno(log), F_SETFD, FD_CLOEXEC); */
+#include <fcntl.h>
#include <stdio.h>
#include <stdarg.h>
@@ -156,6 +158,8 @@
perror("fopen");
exit(1);
}
+ /* Set the close-on-exec flag -- Liyang HU <liyang@nerv.cx> */
+ fcntl(fileno(log), F_SETFD, FD_CLOEXEC);
}
time(&timevar);
@@ -578,20 +582,6 @@
umask(AP_SUEXEC_UMASK);
#endif /* AP_SUEXEC_UMASK */
- /*
- * Be sure to close the log file so the CGI can't
- * mess with it. If the exec fails, it will be reopened
- * automatically when log_err is called. Note that the log
- * might not actually be open if AP_LOG_EXEC isn't defined.
- * However, the "log" cell isn't ifdef'd so let's be defensive
- * and assume someone might have done something with it
- * outside an ifdef'd AP_LOG_EXEC block.
- */
- if (log != NULL) {
- fclose(log);
- log = NULL;
- }
-
/*
* Execute the command, replacing our image with its own.
*/
Reply to: