
Bug#366124: apache2: should mark its listening socket close-on-exec



> If Apache behaves like this, it's a security issue, especially if
> it occurs together with SuexecUserGroup.  Non-privileged processes
> can intercept HTTP requests and impersonate the web server process.

mod_cgi closes the socket (I checked 2.2) so it is only an issue with 
mod_php.

AFAIK mod_php has no facility to change the uid, so it is no security
issue: As long as the uid stays the same, the spawned process can
ptrace the apache process and do anything it wants anyway.

Maybe one could check fastcgi as well. But if the missing 
close-on-exec breaks restart in some cases, it should probably be 
fixed in apache itself.
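
Added example, not part of the original message and not Apache's code: a C sketch that marks a listening socket close-on-exec and checks whether a spawned program still inherits it. The helper names make_listener, set_cloexec and survives_exec are hypothetical; it assumes a system that provides /dev/fd and test(1).

```c
#include <arpa/inet.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Listening TCP socket on 127.0.0.1, kernel-chosen port; -1 on error. */
int make_listener(void) {
    struct sockaddr_in a = {0};
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    a.sin_family = AF_INET;
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (bind(fd, (struct sockaddr *)&a, sizeof a) < 0 || listen(fd, 8) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Set FD_CLOEXEC while preserving any other descriptor flags. */
int set_cloexec(int fd) {
    int fl = fcntl(fd, F_GETFD);
    return fl < 0 ? -1 : fcntl(fd, F_SETFD, fl | FD_CLOEXEC);
}

/* fork + exec test(1) and ask whether fd is still open in the new program.
 * Returns 1 if inherited, 0 if closed by exec, -1 on error. */
int survives_exec(int fd) {
    char path[32];
    int st;
    pid_t pid;
    snprintf(path, sizeof path, "/dev/fd/%d", fd);
    pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execlp("test", "test", "-e", path, (char *)NULL);
        _exit(127); /* exec itself failed */
    }
    if (waitpid(pid, &st, 0) < 0 || !WIFEXITED(st) || WEXITSTATUS(st) > 1) return -1;
    return WEXITSTATUS(st) == 0;
}

int main(void) {
    int fd = make_listener();
    printf("default: inherited=%d\n", survives_exec(fd));
    set_cloexec(fd);
    printf("cloexec: inherited=%d\n", survives_exec(fd));
    return 0;
}
```

On Linux, passing SOCK_CLOEXEC to socket() sets the flag atomically at creation, which avoids a window between socket() and fcntl() in multi-threaded servers.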



