[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#446763: marked as done (apache2: often doesn't start when using SSLPassPhraseDialog with "|..." after upgrade to libssl0.9.8)

Your message dated Sun, 1 Jun 2008 23:13:28 -0700
with message-id <20080602061328.GB21391@jetty.home>
and subject line apache2: often doesn't start when using SSLPassPhraseDialog with "|..."
has caused the Debian Bug report #446763,
regarding apache2: often doesn't start when using SSLPassPhraseDialog with "|..." after upgrade to libssl0.9.8
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
446763: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=446763
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: apache2
Version: 2.2.3-4+etch1
Severity: normal


Today I installed an SSL security update. I don't remember wheter it was
libssl0.9.7 to libssl0.9.8 oder openssl or something like that. After
the upgrade, my Apache/2.2.3 didn't start up any more. It opened/created the
error log correctly, but didn't write anything to it. Neither to syslog.
I found out that:

* it started about 3 times out of 10 tries. I.e., when I tried
  /etc/init.d/apache2 start
  10 times, it worked 3 times, and the other 7 it failed

* when disabling mod_ssl, everything worked every time

* when enabling mod_ssl, it depends on how I use "SSLPassPhraseDialog".
  Without SSLPassPhraseDialog, everything worked every time

* With
	SSLPassPhraseDialog "|/path/to/my/shellscript"
  where this script just prints the passphrase to stdout,
  it failed in 3/10 times as described above.

* BUT, with
	SSLPassPhraseDialog "exec:/path/to/my/shellscript"
  everything works again.

* I tried to strace -f the apache start to find out what the error is,
  but then it works every time (even with SSLPassPhraseDialog |...).
  So I think this may be a race condition bug?

Now the bug is not so important because it now works with exec: for me.
But maybe this is a more serious bug and could be exploited somehow or
whatever...

Just let me know if you need more details.


-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-5-amd64
Locale: LANG=de_AT.UTF-8, LC_CTYPE=de_AT.UTF-8 (charmap=UTF-8)

Versions of packages apache2 depends on:
ii  apache2-mpm-prefork        2.2.3-4+etch1 Traditional model for Apache HTTPD

apache2 recommends no packages.

-- no debconf information

--- End Message ---
--- Begin Message --- 
exec: and | are supposed to behave differently.
The documentation (http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslpassphrasedialog) says that if the value of SSLPassPhraseDialog starts with "exec:", your script is expected to write the passphrase to standard out.
If it starts with |, it is supposed to act like the built in dialog program.
So apache is behaving correctly.
If your script isn't talking to it right, it shouldn't be able to start.

-- 
_________________________
Ryan Niebur
RyanRyan52@gmail.com

Attachment: signature.asc
Description: Digital signature


--- End Message ---
Reply to: