Bug#357561: Fix with patch

To: 357561@bugs.debian.org
Cc: control@bugs.debian.org
Subject: Bug#357561: Fix with patch
From: Matthew Johnson <debian@matthew.ath.cx>
Date: Fri, 23 Feb 2007 11:40:00 +0000 (GMT)
Message-id: <[🔎] Pine.LNX.4.63.0702231039520.30101@illythia.matthew.ath.cx>
Reply-to: Matthew Johnson <debian@matthew.ath.cx>, 357561@bugs.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

tags 357561 +patch
thanks

Replacing 033_-F_NO_SETSID with the attached patch which allows setsid()
to fail when do_detach == 0 should retain the fix for #244857 while also
closing the local root hole present with 033_-F_NO_SETSID.
514_nice_proxy_cache_cleanup also needs updating as it patches against
the same file (also attached).

I have prepared an NMU with the attached patches, which can be found at
http://mjj29.matthew.ath.cx/debian-upload/apache/. I hope that the RMs
will consider this change for etch as it closes a potential (if not
high-priority) root exploit in our apache package. I am not a DD, so I
shall be looking for a sponsor to upload this package if the apache
maintenance team don't do so first.

Matt

- --Matthew Johnson

http://www.matthew.ath.cx/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Made with pgp4pine 1.76

iD8DBQFF3tKXpldmHVvob7kRAl3NAJ467Viwp2SA8miCeZ4DPogTAOxs7QCgy+cf
KqhjdLmai8JitwUgNHDMnwQ=
=EgvR
-----END PGP SIGNATURE-----

diff -Naurd build-tree.orig/apache_1.3.34/src/main/http_main.c build-tree/apache_1.3.34/src/main/http_main.c
--- build-tree.orig/apache_1.3.34/src/main/http_main.c	2005-04-05 13:21:33.000000000 +0100
+++ build-tree/apache_1.3.34/src/main/http_main.c	2007-02-23 10:26:42.419661192 +0000
@@ -3451,7 +3451,10 @@
 	if (!do_detach) 
 	    fprintf(stderr, "setsid() failed probably because you aren't "
 		"running under a process management tool like daemontools\n");
-	exit(1);
+  /* Don't exit because of setsid() when we aren't
+   * detaching, it fails then anyway. */
+	else
+	   exit(1);
     }
 #elif defined(NEXT) || defined(NEWSOS)
     if (setpgrp(0, getpid()) == -1 || (pgrp = getpgrp(0)) == -1) {

diff -Naurd build-tree.orig/apache_1.3.34/src/modules/proxy/proxy_cache.c build-tree/apache_1.3.34/src/modules/proxy/proxy_cache.c
--- build-tree.orig/apache_1.3.34/src/modules/proxy/proxy_cache.c	2007-02-23 11:00:19.641729000 +0000
+++ build-tree/apache_1.3.34/src/modules/proxy/proxy_cache.c	2007-02-23 11:01:29.490094942 +0000
@@ -191,6 +191,7 @@
 
         case 0:         /* Child */
             /* The setpgrp() stuff was snarfed from http_main.c */
+      	   nice(10);
 #ifndef NO_SETSID
             if ((pgrp = setsid()) == -1) {
                 perror("setsid");

Reply to:

Follow-Ups:
- Processed: Fix with patch
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Processed: Fix with patch
Next by Date: Processed: tagging 357561
Previous by thread: Bug#408956: Acknowledgement (apache2: PHP4 --> PHP5: DirectoryIndex sometimes doesn't work)
Next by thread: Processed: Fix with patch
Index(es):
- Date
- Thread