Bug#425248: apache2.2-common: apache2 may be killed by logrotate job
Package: apache2.2-common
Version: 2.2.3-4
Severity: normal
There are two different problems. In the /etc/init.d/apache2 restart
function you use sleep 10 between start and stop, but 10 seconds is not
enough in the case where some children cannot be killed easily. So it tries
to stop the server, and tries to start it before it is stopped, so it is
not able to start the server. This is not very important if no scripts are
calling restart.

But /etc/logrotate.d/apache2 does. A good idea would be to use reload
instead of restart. In the first case you may kill legitimate processes and
you have at least ten seconds of service outage (or more if the server
doesn't restart...), which may be very bad on high availability services;
in the second case you may lose some lines of logs and that's all.
(Needless to say, this has happened to me several times.)

It may be an easy DoS attack: you just have to overload an apache server
at 6:25 AM; with the overload it is going to take more than 10 seconds to
stop and it will not restart, enjoy!
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.21.1-grsec
Locale: LANG=en_US.ISO-8859-15, LC_CTYPE=en_US.ISO-8859-15 (charmap=ISO-8859-15)
Versions of packages apache2.2-common depends on:
ii apache2-utils 2.2.3-4 utility programs for webservers
ii libmagic1 4.17-5etch1 File type determination library us
ii lsb-base 3.1-23.1 Linux Standard Base 3.1 init scrip
ii mime-support 3.39-1 MIME files 'mime.types' & 'mailcap
ii net-tools 1.60-17 The NET-3 networking toolkit
ii procps 1:3.2.7-3 /proc file system utilities
apache2.2-common recommends no packages.
-- no debconf information
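
The first problem in the report above (a fixed sleep 10 between stop and start) can be avoided by polling for the old process to exit and refusing to start while it is still alive. This is an added example, not part of the original report and not Debian's init script; the function names and the stop/start command arguments are hypothetical stand-ins for the init script's own steps.

```shell
#!/bin/sh
# Added example: restart that waits for the old process to exit instead of
# sleeping for a fixed time. Function names and the stop/start commands
# passed in are hypothetical, not taken from /etc/init.d/apache2.

# wait_for_exit PID TIMEOUT
# Poll once per second until PID no longer exists.
# Returns 0 if it exited within TIMEOUT seconds, 1 otherwise.
wait_for_exit() {
    pid=$1
    remaining=$2
    while kill -0 "$pid" 2>/dev/null; do
        [ "$remaining" -le 0 ] && return 1
        sleep 1
        remaining=$((remaining - 1))
    done
    return 0
}

# safe_restart PID TIMEOUT STOP_CMD START_CMD
# Runs STOP_CMD with PID as its argument, waits for PID to disappear,
# and runs START_CMD only once the old process is really gone.
safe_restart() {
    pid=$1 timeout=$2 stop_cmd=$3 start_cmd=$4
    $stop_cmd "$pid"
    if ! wait_for_exit "$pid" "$timeout"; then
        # Old server still holds its sockets: starting now would fail and
        # leave the service down, which is the failure described above.
        echo "pid $pid still running after ${timeout}s; not starting" >&2
        return 1
    fi
    $start_cmd
}
```

A caller that gets a non-zero return can alert or retry the stop rather than being left with no running server.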