
Bug#366124: marked as done (apache2: should mark its listening socket close-on-exec)



Your message dated Thu, 03 Jun 2010 13:52:41 +0000
with message-id <E1OKAqf-0004iE-Px@ries.debian.org>
and subject line Bug#366124: fixed in apr 1.2.12-5+lenny2
has caused the Debian Bug report #366124,
regarding apache2: should mark its listening socket close-on-exec
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
366124: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=366124
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: apache2
Severity: wishlist

Hi,

the exim4 maintainers have received an increasing number of support
cases where apache wouldn't start because there was an exim process
listening on port 80. People keep suggesting a compromised exim and
worse things.

The only explanation I can come up with is the following:

(1) apache or something running inside the apache process (maybe a php
    script using mail()) sends e-mail using /usr/lib/sendmail.
(2) exim, invoked as /usr/lib/sendmail, inherits the listening socket.
(3) exim cannot deliver the message right away and stays around
    (maybe teergrubed)
(4) while exim is still around, apache dies for some reason
(5) The newly started apache cannot bind to port 80 since it is still
    held by the exim process exec()ed in (2).

I am told by one of the exim developers that the easiest way to
avoid this behavior would be to have apache mark its listening socket
close-on-exec to avoid exim inheriting the socket.

I'd like to hear your comments.

Greetings
Marc


-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16.14-zgsrv
Locale: LANG=C, LC_CTYPE=de_DE (charmap=ISO-8859-1)


--- End Message ---
--- Begin Message ---
Source: apr
Source-Version: 1.2.12-5+lenny2

We believe that the bug you reported is fixed in the latest version of
apr, which is due to be installed in the Debian FTP archive:

apr_1.2.12-5+lenny2.diff.gz
  to main/a/apr/apr_1.2.12-5+lenny2.diff.gz
apr_1.2.12-5+lenny2.dsc
  to main/a/apr/apr_1.2.12-5+lenny2.dsc
libapr1-dbg_1.2.12-5+lenny2_i386.deb
  to main/a/apr/libapr1-dbg_1.2.12-5+lenny2_i386.deb
libapr1-dev_1.2.12-5+lenny2_i386.deb
  to main/a/apr/libapr1-dev_1.2.12-5+lenny2_i386.deb
libapr1_1.2.12-5+lenny2_i386.deb
  to main/a/apr/libapr1_1.2.12-5+lenny2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 366124@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Stefan Fritsch <sf@debian.org> (supplier of updated apr package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 01 Jun 2010 23:11:19 +0200
Source: apr
Binary: libapr1 libapr1-dev libapr1-dbg
Architecture: source i386
Version: 1.2.12-5+lenny2
Distribution: stable
Urgency: low
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Stefan Fritsch <sf@debian.org>
Description: 
 libapr1    - The Apache Portable Runtime Library
 libapr1-dbg - The Apache Portable Runtime Library - Development Headers
 libapr1-dev - The Apache Portable Runtime Library - Development Headers
Closes: 366124
Changes: 
 apr (1.2.12-5+lenny2) stable; urgency=low
 .
   * Set FD_CLOEXEC flag on file descriptors. Not doing so caused Apache httpd
     modules which do not use the apr API for executing other processes to leak
     file descriptors to the called processes. In some setups, this could cause
     security issues and/or problems with Apache failing to restart. This issue
     affected mod_php (but not mod_cgi). Closes: #366124

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iD8DBQFMBX6Tbxelr8HyTqQRAiL8AJ9uXN4dJos9NjaCkxgSrpYIv1vbwACfZQA1
cO84D3z7Dtc72nbE6aa39c4=
=dqNO
-----END PGP SIGNATURE-----



--- End Message ---
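
The sequence in the report, steps (1) to (5), and the effect of the FD_CLOEXEC flag named in the changelog, as an added C example (not code from apr, Apache httpd or this thread). `sleep` stands in for the exec()ed mailer, and the function names and the kernel-chosen loopback port are assumptions made for the demonstration.

```c
#include <fcntl.h>
#include <netinet/in.h>
#include <signal.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Listen on 127.0.0.1:*port; port 0 lets the kernel pick one and reports it. */
static int listen_on(unsigned short *port) {
    struct sockaddr_in a = { .sin_family = AF_INET, .sin_port = htons(*port),
                             .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    socklen_t len = sizeof a;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    if (bind(fd, (struct sockaddr *)&a, sizeof a) < 0 || listen(fd, 8) < 0 ||
        getsockname(fd, (struct sockaddr *)&a, &len) < 0) { close(fd); return -1; }
    *port = ntohs(a.sin_port);
    return fd;
}

/* 1: the port can be re-bound while the exec()ed child lives; 0: the child still
 * holds it; -1: setup error. "sleep" stands in for the mailer (assumption). */
int restart_succeeds(int use_cloexec) {
    unsigned short port = 0;
    int gate[2], again, lfd = listen_on(&port);
    ssize_t n; char failed; pid_t pid;
    if (lfd < 0 || pipe(gate) < 0) return -1;
    fcntl(gate[0], F_SETFD, FD_CLOEXEC); fcntl(gate[1], F_SETFD, FD_CLOEXEC);
    if (use_cloexec) fcntl(lfd, F_SETFD, FD_CLOEXEC);  /* flag from the changelog */
    if ((pid = fork()) == 0) {            /* steps (1)-(3): long-lived helper */
        execlp("sleep", "sleep", "30", (char *)NULL);
        n = write(gate[1], "x", 1);       /* only reached if exec() failed */
        _exit(127);
    }
    close(gate[1]);
    n = read(gate[0], &failed, 1);        /* EOF once the child has exec()ed */
    close(gate[0]);
    close(lfd);                           /* step (4): the server goes away */
    again = listen_on(&port);             /* step (5): the new server binds */
    if (again >= 0) close(again);
    if (pid > 0) { kill(pid, SIGKILL); waitpid(pid, NULL, 0); }
    return (pid > 0 && n == 0) ? again >= 0 : -1;
}

int main(void) {
    int leaked = restart_succeeds(0), fixed = restart_succeeds(1);
    printf("socket inherited: %d, close-on-exec set: %d\n", leaked, fixed);
    return 0;
}
```

With the socket inherited, the second bind fails because the child still holds the listening descriptor; with the flag set, exec() closes it in the child and the rebind succeeds.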
