Bug#925472: apache2: AuthLDAPBindPassword with exec: variant: child processes not properly destroyed
Source: apache2
Version: 2.4.25-3+deb9u6
Severity: normal
Tags: upstream
Forwarded: https://bz.apache.org/bugzilla/show_bug.cgi?id=61817
Control: found -1 2.4.25-3
Hi
When using a setup using for mod_authnz_ldap the AuthLDAPBindPassword
directive specifically with the exec: variant as documented in [1], a
respective child process is not destroyed correctly.
To reproduce the issue within a .htaccess file (we managed to
reproduce in .htaccess context but not in a directory context)
> AuthType Basic
> AuthName "Restricted access"
> AuthBasicProvider ldap
>
> AuthLDAPURL $url
> AuthLDAPBindDN $binddn
> AuthLDAPBindPassword "exec:/bin/cat /path/to/ldap/passwd"
>
> Require valid-user
is enough, resulting in defunct processes
[...]
S www-data 145731 82080 0 80 0 13016 223273 - 13:50 ? 00:00:00 \_ /usr/sbin/apache2 -k start
Z www-data 151575 145731 0 80 0 0 0 - 14:21 ? 00:00:00 | \_ [cat] <defunct>
S www-data 145732 82080 0 80 0 13980 223674 - 13:50 ? 00:00:00 \_ /usr/sbin/apache2 -k start
Z www-data 151686 145732 0 80 0 0 0 - 14:22 ? 00:00:00 \_ [cat] <defunct>
[...]
The issue has been submitted upstream already in [2] with a tentative
patch, but it looks the issue got not yet adressed upstream.
Regards,
Salvatore
[1] http://httpd.apache.org/docs/2.4/mod/mod_authnz_ldap.html#AuthLDAPBindPassword
[2] https://bz.apache.org/bugzilla/show_bug.cgi?id=61817
Reply to: