[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#425248: apache2.2-common: apache2 may be killed by logrotate job



Package: apache2.2-common
Version: 2.2.3-4
Severity: normal

There are two differents problems, in /etc/init.d/apache2 restart 
function you use sleep 10 between start and stop, but 10 seconds is not 
enough in the case where some childs cannot be killed easily. So it tries 
to stop the server, and tries to start it before it is stopped so it is 
not able to start the server. This is not very important if no script are 
calling restart.

But /etc/logrotate.d/apache2 does. A good idea should be to use reload 
instead of restart. In the first case you may kill legitimate process and 
you do at least ten seconds of service outage (or more if the server 
doesn't restart...) which may be very bad on high availability services, 
in the second case you may loose some lines of logs and it's all.

(needless to say that this happened to me several times)

It may be an easy DOS attack, you just have to overload an apache server 
at 6:25 AM, with the overload it is going to take more than 10 seconds to 
stop and it will not restart, enjoy !

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.21.1-grsec
Locale: LANG=en_US.ISO-8859-15, LC_CTYPE=en_US.ISO-8859-15 (charmap=ISO-8859-15)

Versions of packages apache2.2-common depends on:
ii  apache2-utils                2.2.3-4     utility programs for webservers
ii  libmagic1                    4.17-5etch1 File type determination library us
ii  lsb-base                     3.1-23.1    Linux Standard Base 3.1 init scrip
ii  mime-support                 3.39-1      MIME files 'mime.types' & 'mailcap
ii  net-tools                    1.60-17     The NET-3 networking toolkit
ii  procps                       1:3.2.7-3   /proc file system utilities

apache2.2-common recommends no packages.

-- no debconf information



Reply to: