
Bug#366124: apache2: should mark its listening socket close-on-exec

Package: apache2
Severity: wishlist


The exim4 maintainers have received an increasing number of support
cases where apache wouldn't start because there was an exim process
listening on port 80. People keep suggesting a compromised exim and
worse things.

The only explanation I can come up with is the following:

(1) apache or something running inside the apache process (maybe a php
    script using mail()) sends e-mail using /usr/lib/sendmail.
(2) exim, invoked as /usr/lib/sendmail, inherits the listening socket.
(3) exim cannot deliver the message right away and stays around
    (maybe teergrubed).
(4) While exim is still around, apache dies for some reason.
(5) The newly started apache cannot bind to port 80 since it is still
    held by the exim process exec()ed in (2).

I am told by one of the exim developers that the easiest way to
avoid this behavior would be to have apache mark its listening socket
close-on-exec to avoid exim inheriting the socket.

I'd like to hear your comments.


-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux
Locale: LANG=C, LC_CTYPE=de_DE (charmap=ISO-8859-1)
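
The sequence (1)-(5) from the report, reproduced as an added example (not code from the report, apache or exim): a listening socket is inherited by an exec()ed child, the parent closes it, and a fresh bind() to the same port is attempted with and without FD_CLOEXEC. Assumptions: `sleep` stands in for exim invoked as /usr/lib/sendmail, a loopback ephemeral port stands in for port 80, and the function name `rebind_after_exec` is hypothetical.

```c
#include <arpa/inet.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <signal.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Returns 1 if a restarted server can re-bind the port while an exec()ed child
 * still runs, 0 if bind() fails (the reported symptom), -1 on setup error.
 * use_cloexec applies the fix the report asks for. */
int rebind_after_exec(int use_cloexec)
{
    struct sockaddr_in addr = { .sin_family = AF_INET };  /* port 0: kernel picks */
    socklen_t len = sizeof addr;
    int pfd[2], result;
    char c;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    int lfd = socket(AF_INET, SOCK_STREAM, 0);
    if (lfd < 0 || bind(lfd, (struct sockaddr *)&addr, sizeof addr) < 0 ||
        listen(lfd, 8) < 0 || getsockname(lfd, (struct sockaddr *)&addr, &len) < 0)
        return -1;
    if (use_cloexec && fcntl(lfd, F_SETFD, FD_CLOEXEC) < 0) return -1;
    /* Pipe with a close-on-exec write end: EOF on the read end means exec() ran. */
    if (pipe(pfd) < 0 || fcntl(pfd[1], F_SETFD, FD_CLOEXEC) < 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {  /* steps (1)-(3): "sleep" stands in for exim run as sendmail */
        execlp("sleep", "sleep", "30", (char *)NULL);
        _exit(127);
    }
    close(pfd[1]);
    while (read(pfd[0], &c, 1) > 0) {}  /* block until the child has exec()ed */
    close(pfd[0]);
    close(lfd);                         /* step (4): the server dies */
    int nfd = socket(AF_INET, SOCK_STREAM, 0);  /* step (5): restarted server */
    result = nfd < 0 ? -1 : bind(nfd, (struct sockaddr *)&addr, sizeof addr) == 0;
    close(nfd);
    kill(pid, SIGKILL);
    waitpid(pid, NULL, 0);
    return result;
}

int main(void)
{
    printf("rebind without FD_CLOEXEC: %d\n", rebind_after_exec(0));  /* 0 */
    printf("rebind with FD_CLOEXEC:    %d\n", rebind_after_exec(1));  /* 1 */
    return 0;
}
```

On a host showing the symptom, a socket listing that includes process names (for example `ss -ltnp`) shows which process still holds the listener.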
