[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#446763: apache2: often doesn't start when using SSLPassPhraseDialog with "|..." after upgrade to libssl0.9.8

Package: apache2
Version: 2.2.3-4+etch1
Severity: normal


Today I installed an SSL security update. I don't remember wheter it was
libssl0.9.7 to libssl0.9.8 oder openssl or something like that. After
the upgrade, my Apache/2.2.3 didn't start up any more. It opened/created the
error log correctly, but didn't write anything to it. Neither to syslog.
I found out that:

* it started about 3 times out of 10 tries. I.e., when I tried
  /etc/init.d/apache2 start
  10 times, it worked 3 times, and the other 7 it failed

* when disabling mod_ssl, everything worked every time

* when enabling mod_ssl, it depends on how I use "SSLPassPhraseDialog".
  Without SSLPassPhraseDialog, everything worked every time

* With
	SSLPassPhraseDialog "|/path/to/my/shellscript"
  where this script just prints the passphrase to stdout,
  it failed in 3/10 times as described above.

* BUT, with
	SSLPassPhraseDialog "exec:/path/to/my/shellscript"
  everything works again.

* I tried to strace -f the apache start to find out what the error is,
  but then it works every time (even with SSLPassPhraseDialog |...).
  So I think this may be a race condition bug?

Now the bug is not so important because it now works with exec: for me.
But maybe this is a more serious bug and could be exploited somehow or
whatever...

Just let me know if you need more details.


-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-5-amd64
Locale: LANG=de_AT.UTF-8, LC_CTYPE=de_AT.UTF-8 (charmap=UTF-8)

Versions of packages apache2 depends on:
ii  apache2-mpm-prefork        2.2.3-4+etch1 Traditional model for Apache HTTPD

apache2 recommends no packages.

-- no debconf information
Reply to: