Bug#366124: marked as done (apache2: should mark its listening socket close-on-exec)
Your message dated Tue, 23 Jun 2009 21:34:24 +0000
with message-id <E1MJDdI-0006H0-SV@ries.debian.org>
and subject line Bug#366124: fixed in apr 1.3.5-2
has caused the Debian Bug report #366124,
regarding apache2: should mark its listening socket close-on-exec
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact firstname.lastname@example.org
Debian Bug Tracking System
Contact email@example.com with problems
--- Begin Message ---
- To: Debian Bug Tracking System <firstname.lastname@example.org>
- Subject: apache2: should mark its listening socket close-on-exec
- From: Marc Haber <email@example.com>
- Date: Fri, 05 May 2006 13:58:51 +0200
- Message-id: <firstname.lastname@example.org>
the exim4 maintainers have received an increasing number of support
cases where apache wouldn't start because there was an exim process
listening on port 80. People keep suggesting a compromised exim and
Only explanation I can come up with is the following:
(1) apache or something running inside the apache process (maybe a php
script using mail()) sends e-mail using /usr/lib/sendmail.
(2) exim, invoked as /usr/lib/sendmail, inherits the listening socket.
(3) exim cannot deliver the message right away and stays around
(4) while exim is still around, apache dies for some reason
(5) The newly started apache cannot bind to port 80 since it is still
held by the exim process exec()ed in (2).
I am told by one of the exim developers that the most easy way to
avoid this behavior would be to have apache mark its listening socket
close-on-exec to avoid exim inheriting the socket.
I'd like to hear your comments.
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 22.214.171.124-zgsrv
Locale: LANG=C, LC_CTYPE=de_DE (charmap=ISO-8859-1)
--- End Message ---
--- Begin Message ---
We believe that the bug you reported is fixed in the latest version of
apr, which is due to be installed in the Debian FTP archive:
A summary of the changes between this version and the previous one is
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to email@example.com,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
Stefan Fritsch <firstname.lastname@example.org> (supplier of updated apr package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing email@example.com)
-----BEGIN PGP SIGNED MESSAGE-----
Date: Tue, 23 Jun 2009 22:15:02 +0200
Binary: libapr1 libapr1-dev libapr1-dbg
Architecture: source i386
Maintainer: Debian Apache Maintainers <firstname.lastname@example.org>
Changed-By: Stefan Fritsch <email@example.com>
libapr1 - The Apache Portable Runtime Library
libapr1-dbg - The Apache Portable Runtime Library - Debugging Symbols
libapr1-dev - The Apache Portable Runtime Library - Development Headers
apr (1.3.5-2) unstable; urgency=low
* Mark non-inheritable file descriptors with FD_CLOEXEC, to prevent leaking
them to processes exec'ed by applications that fail to use the apr API
correctly (i.e. mod_php). Closes: #366124
* Bump standards-version (no changes).
* Override soname lintian warning (too late to change that).
09b2ec29486dd239180e18462bbfc28ddc579469 1355 apr_1.3.5-2.dsc
e39c893af4b9e853b7c77f0fc2402a44724a2156 18313 apr_1.3.5-2.diff.gz
90dd22f37cd2ea9352cc7005792bb119f8d886a5 117000 libapr1_1.3.5-2_i386.deb
613205edbfced86cafe3443b765a84f839fdf963 872180 libapr1-dev_1.3.5-2_i386.deb
1468311f51b57e4c12a89bd5338c0648f33af9d8 56928 libapr1-dbg_1.3.5-2_i386.deb
63af59e4fdcc7912f8f77cd324a7803a753cf6d4e6fe9585556ee6fb44016655 1355 apr_1.3.5-2.dsc
eeb47c33916894363e0d7a2b74cfecf34cfd41ab1bd7449f6a35ded3a11d1a65 18313 apr_1.3.5-2.diff.gz
b27f6c58ede9a6c907833f63a3a409e5fb6fc994681e5652f6598f7b40131eae 117000 libapr1_1.3.5-2_i386.deb
e41186118fb5c051befd55bf74f0ef34ecdda009e06263a6133a4c2857ce0e4a 872180 libapr1-dev_1.3.5-2_i386.deb
ca29dc4e197909d10d4e9b8eb0d1f6b6cbff8b08f2cde846a80513f88537cf46 56928 libapr1-dbg_1.3.5-2_i386.deb
4bd83fdb0d4f6e797a2453e8d0a261b8 1355 libs optional apr_1.3.5-2.dsc
bd910b28eb1fc1d6bdbc255d8c0d4824 18313 libs optional apr_1.3.5-2.diff.gz
7a1e79710a333405f176c30a33da0807 117000 libs optional libapr1_1.3.5-2_i386.deb
0e63554864043feaf010eeda84cea88d 872180 libdevel optional libapr1-dev_1.3.5-2_i386.deb
3a102c4c86e5e7b0b4ff811582fee0c5 56928 debug extra libapr1-dbg_1.3.5-2_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---