[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#366124: marked as done (apache2: should mark its listening socket close-on-exec)

Your message dated Tue, 23 Jun 2009 21:34:24 +0000
with message-id <E1MJDdI-0006H0-SV@ries.debian.org>
and subject line Bug#366124: fixed in apr 1.3.5-2
has caused the Debian Bug report #366124,
regarding apache2: should mark its listening socket close-on-exec
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org

366124: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=366124
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: apache2
Severity: wishlist


the exim4 maintainers have received an increasing number of support
cases where apache wouldn't start because there was an exim process
listening on port 80. People keep suggesting a compromised exim and
worse things.

Only explanation I can come up with is the following:

(1) apache or something running inside the apache process (maybe a php
    script using mail()) sends e-mail using /usr/lib/sendmail.
(2) exim, invoked as /usr/lib/sendmail, inherits the listening socket.
(3) exim cannot deliver the message right away and stays around
    (maybe teergrubed)
(4) while exim is still around, apache dies for some reason
(5) The newly started apache cannot bind to port 80 since it is still
    held by the exim process exec()ed in (2).

I am told by one of the exim developers that the most easy way to
avoid this behavior would be to have apache mark its listening socket
close-on-exec to avoid exim inheriting the socket.

I'd like to hear your comments.


-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux
Locale: LANG=C, LC_CTYPE=de_DE (charmap=ISO-8859-1)

--- End Message ---
--- Begin Message ---
Source: apr
Source-Version: 1.3.5-2

We believe that the bug you reported is fixed in the latest version of
apr, which is due to be installed in the Debian FTP archive:

  to pool/main/a/apr/apr_1.3.5-2.diff.gz
  to pool/main/a/apr/apr_1.3.5-2.dsc
  to pool/main/a/apr/libapr1-dbg_1.3.5-2_i386.deb
  to pool/main/a/apr/libapr1-dev_1.3.5-2_i386.deb
  to pool/main/a/apr/libapr1_1.3.5-2_i386.deb

A summary of the changes between this version and the previous one is

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 366124@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
Stefan Fritsch <sf@debian.org> (supplier of updated apr package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)

Hash: SHA1

Format: 1.8
Date: Tue, 23 Jun 2009 22:15:02 +0200
Source: apr
Binary: libapr1 libapr1-dev libapr1-dbg
Architecture: source i386
Version: 1.3.5-2
Distribution: unstable
Urgency: low
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Stefan Fritsch <sf@debian.org>
 libapr1    - The Apache Portable Runtime Library
 libapr1-dbg - The Apache Portable Runtime Library - Debugging Symbols
 libapr1-dev - The Apache Portable Runtime Library - Development Headers
Closes: 366124
 apr (1.3.5-2) unstable; urgency=low
   * Mark non-inheritable file descriptors with FD_CLOEXEC, to prevent leaking
     them to processes exec'ed by applications that fail to use the apr API
     correctly (i.e. mod_php). Closes: #366124
   * Bump standards-version (no changes).
   * Override soname lintian warning (too late to change that).
 09b2ec29486dd239180e18462bbfc28ddc579469 1355 apr_1.3.5-2.dsc
 e39c893af4b9e853b7c77f0fc2402a44724a2156 18313 apr_1.3.5-2.diff.gz
 90dd22f37cd2ea9352cc7005792bb119f8d886a5 117000 libapr1_1.3.5-2_i386.deb
 613205edbfced86cafe3443b765a84f839fdf963 872180 libapr1-dev_1.3.5-2_i386.deb
 1468311f51b57e4c12a89bd5338c0648f33af9d8 56928 libapr1-dbg_1.3.5-2_i386.deb
 63af59e4fdcc7912f8f77cd324a7803a753cf6d4e6fe9585556ee6fb44016655 1355 apr_1.3.5-2.dsc
 eeb47c33916894363e0d7a2b74cfecf34cfd41ab1bd7449f6a35ded3a11d1a65 18313 apr_1.3.5-2.diff.gz
 b27f6c58ede9a6c907833f63a3a409e5fb6fc994681e5652f6598f7b40131eae 117000 libapr1_1.3.5-2_i386.deb
 e41186118fb5c051befd55bf74f0ef34ecdda009e06263a6133a4c2857ce0e4a 872180 libapr1-dev_1.3.5-2_i386.deb
 ca29dc4e197909d10d4e9b8eb0d1f6b6cbff8b08f2cde846a80513f88537cf46 56928 libapr1-dbg_1.3.5-2_i386.deb
 4bd83fdb0d4f6e797a2453e8d0a261b8 1355 libs optional apr_1.3.5-2.dsc
 bd910b28eb1fc1d6bdbc255d8c0d4824 18313 libs optional apr_1.3.5-2.diff.gz
 7a1e79710a333405f176c30a33da0807 117000 libs optional libapr1_1.3.5-2_i386.deb
 0e63554864043feaf010eeda84cea88d 872180 libdevel optional libapr1-dev_1.3.5-2_i386.deb
 3a102c4c86e5e7b0b4ff811582fee0c5 56928 debug extra libapr1-dbg_1.3.5-2_i386.deb

Version: GnuPG v1.4.9 (GNU/Linux)


--- End Message ---

Reply to: