Return-Path: Delivered-To: apmail-apache-cvs-archive@apache.org Received: (qmail 81318 invoked by uid 500); 16 Aug 2001 14:03:14 -0000 Mailing-List: contact apache-cvs-help@apache.org; run by ezmlm Precedence: bulk Reply-To: new-httpd@apache.org list-help: list-unsubscribe: list-post: Delivered-To: mailing list apache-cvs@apache.org Received: (qmail 81295 invoked by uid 500); 16 Aug 2001 14:03:14 -0000 Delivered-To: apmail-httpd-2.0-cvs@apache.org Date: 16 Aug 2001 13:59:14 -0000 Message-ID: <20010816135914.20228.qmail@icarus.apache.org> From: trawick@apache.org To: httpd-2.0-cvs@apache.org Subject: cvs commit: httpd-2.0/server/mpm/worker worker.c X-Spam-Rating: h31.sny.collab.net 1.6.2 0/1000/N Status: O X-Status: X-Keywords: X-UID: 222 trawick 01/08/16 06:59:14 Modified: . CHANGES configure.in os/unix unixd.c unixd.h server mpm_common.c server/mpm/prefork prefork.c server/mpm/threaded threaded.c server/mpm/worker worker.c Log: The Unix MPMs other than perchild now allow child server processes to use the accept mutex when starting as root and using SysV sems for the accept mutex. Previously, this combination would lead to fatal errors in the child server processes. perchild can't use SysV sems because of security issues. translation: steal apache 1.3 code to call semop(IPC_SET) on the semaphore to set permissions and uid/gid Revision Changes Path 1.299 +7 -0 httpd-2.0/CHANGES Index: CHANGES =================================================================== RCS file: /home/cvs/httpd-2.0/CHANGES,v retrieving revision 1.298 retrieving revision 1.299 diff -u -r1.298 -r1.299 --- CHANGES 2001/08/16 08:24:18 1.298 +++ CHANGES 2001/08/16 13:59:13 1.299 @@ -1,5 +1,12 @@ Changes with Apache 2.0.24-dev + *) The Unix MPMs other than perchild now allow child server + processes to use the accept mutex when starting as root and + using SysV sems for the accept mutex. Previously, this + combination would lead to fatal errors in the child server + processes. perchild can't use SysV sems because of security + issues. [Jeff Trawick, Greg Ames] + *) Added Win32 revision stamp resources to all http binaries (including modules/ and support/ tools.) PR7322 [William Rowe] 1.169 +2 -1 httpd-2.0/configure.in Index: configure.in =================================================================== RCS file: /home/cvs/httpd-2.0/configure.in,v retrieving revision 1.168 retrieving revision 1.169 diff -u -r1.168 -r1.169 --- configure.in 2001/08/13 15:44:00 1.168 +++ configure.in 2001/08/16 13:59:13 1.169 @@ -186,7 +186,8 @@ pwd.h \ grp.h \ strings.h \ -sys/processor.h +sys/processor.h \ +sys/sem.h ) AC_HEADER_SYS_WAIT 1.39 +36 -0 httpd-2.0/os/unix/unixd.c Index: unixd.c =================================================================== RCS file: /home/cvs/httpd-2.0/os/unix/unixd.c,v retrieving revision 1.38 retrieving revision 1.39 diff -u -r1.38 -r1.39 --- unixd.c 2001/08/13 04:57:34 1.38 +++ unixd.c 2001/08/16 13:59:14 1.39 @@ -69,6 +69,7 @@ #include "ap_mpm.h" #include "apr_thread_proc.h" #include "apr_strings.h" +#include "apr_portable.h" #ifdef HAVE_PWD_H #include #endif @@ -86,6 +87,9 @@ #ifdef HAVE_STRINGS_H #include #endif +#ifdef HAVE_SYS_SEM_H +#include +#endif unixd_config_rec unixd_config; @@ -371,5 +375,37 @@ return ap_unix_create_privileged_process(newproc, progname, args, env, attr, ugid, p); +} + +AP_DECLARE(apr_status_t) unixd_set_lock_perms(apr_lock_t *lock) +{ +/* MPM shouldn't call us unless we're actually using a SysV sem; + * this is just to avoid compile issues on systems without that + * feature + */ +#if APR_HAS_SYSVSEM_SERIALIZE + apr_os_lock_t oslock; +#if !APR_HAVE_UNION_SEMUN + union semun { + long val; + struct semid_ds *buf; + ushort *array; +}; +#endif + union semun ick; + struct semid_ds buf; + + if (!geteuid()) { + apr_os_lock_get(&oslock, lock); + buf.sem_perm.uid = unixd_config.user_id; + buf.sem_perm.gid = unixd_config.group_id; + buf.sem_perm.mode = 0600; + ick.buf = &buf; + if (semctl(oslock.crossproc, 0, IPC_SET, ick) < 0) { + return errno; + } + } +#endif + return APR_SUCCESS; } 1.24 +2 -1 httpd-2.0/os/unix/unixd.h Index: unixd.h =================================================================== RCS file: /home/cvs/httpd-2.0/os/unix/unixd.h,v retrieving revision 1.23 retrieving revision 1.24 diff -u -r1.23 -r1.24 --- unixd.h 2001/07/30 17:55:38 1.23 +++ unixd.h 2001/08/16 13:59:14 1.24 @@ -69,6 +69,7 @@ #endif #include "apr_hooks.h" #include "apr_thread_proc.h" +#include "apr_lock.h" #include #include @@ -111,7 +112,7 @@ AP_DECLARE(void) unixd_set_rlimit(cmd_parms *cmd, struct rlimit **plimit, const char *arg, const char * arg2, int type); #endif - +AP_DECLARE(apr_status_t) unixd_set_lock_perms(apr_lock_t *lock); #ifdef HAVE_KILLPG #define unixd_killpg(x, y) (killpg ((x), (y))) 1.65 +8 -3 httpd-2.0/server/mpm_common.c Index: mpm_common.c =================================================================== RCS file: /home/cvs/httpd-2.0/server/mpm_common.c,v retrieving revision 1.64 retrieving revision 1.65 diff -u -r1.64 -r1.65 --- mpm_common.c 2001/08/14 12:30:49 1.64 +++ mpm_common.c 2001/08/16 13:59:14 1.65 @@ -593,7 +593,12 @@ ap_accept_lock_mech = APR_LOCK_FCNTL; } #endif -#if APR_HAS_SYSVSEM_SERIALIZE + /* perchild can't use SysV sems because the permissions on the accept + * mutex can't be set to allow all processes to use the mutex and + * at the same time keep all users from being able to dink with the + * mutex + */ +#if APR_HAS_SYSVSEM_SERIALIZE && !defined(PERCHILD_MPM) else if (!strcasecmp(arg, "sysvsem")) { ap_accept_lock_mech = APR_LOCK_SYSVSEM; } @@ -605,14 +610,14 @@ #endif else { return apr_pstrcat(cmd->pool, arg, " is an invalid mutex mechanism; valid " - "ones for this platform are: default" + "ones for this platform and MPM are: default" #if APR_HAS_FLOCK_SERIALIZE ", flock" #endif #if APR_HAS_FCNTL_SERIALIZE ", fcntl" #endif -#if APR_HAS_SYSVSEM_SERIALIZE +#if APR_HAS_SYSVSEM_SERIALIZE && !defined(PERCHILD_MPM) ", sysvsem" #endif #if APR_HAS_PROC_PTHREAD_SERIALIZE 1.196 +14 -0 httpd-2.0/server/mpm/prefork/prefork.c Index: prefork.c =================================================================== RCS file: /home/cvs/httpd-2.0/server/mpm/prefork/prefork.c,v retrieving revision 1.195 retrieving revision 1.196 diff -u -r1.195 -r1.196 --- prefork.c 2001/08/14 12:30:50 1.195 +++ prefork.c 2001/08/16 13:59:14 1.196 @@ -276,6 +276,20 @@ ap_log_error(APLOG_MARK, APLOG_EMERG, rv, NULL, "couldn't create accept mutex"); exit(APEXIT_INIT); } + +#if APR_USE_SYSVSEM_SERIALIZE + if (ap_accept_lock_mech == APR_LOCK_DEFAULT || + ap_accept_lock_mech == APR_LOCK_SYSVSEM) { +#else + if (ap_accept_lock_mech == APR_LOCK_SYSVSEM) { +#endif + rv = unixd_set_lock_perms(accept_lock); + if (rv != APR_SUCCESS) { + ap_log_error(APLOG_MARK, APLOG_EMERG, rv, NULL, + "Couldn't set permissions on cross-process lock"); + exit(APEXIT_INIT); + } + } } static void accept_mutex_on(void) 1.61 +14 -0 httpd-2.0/server/mpm/threaded/threaded.c Index: threaded.c =================================================================== RCS file: /home/cvs/httpd-2.0/server/mpm/threaded/threaded.c,v retrieving revision 1.60 retrieving revision 1.61 diff -u -r1.60 -r1.61 --- threaded.c 2001/08/14 12:30:50 1.60 +++ threaded.c 2001/08/16 13:59:14 1.61 @@ -1229,6 +1229,20 @@ return 1; } +#if APR_USE_SYSVSEM_SERIALIZE + if (ap_accept_lock_mech == APR_LOCK_DEFAULT || + ap_accept_lock_mech == APR_LOCK_SYSVSEM) { +#else + if (ap_accept_lock_mech == APR_LOCK_SYSVSEM) { +#endif + rv = unixd_set_lock_perms(accept_mutex); + if (rv != APR_SUCCESS) { + ap_log_error(APLOG_MARK, APLOG_EMERG, rv, s, + "Couldn't set permissions on cross-process lock"); + return 1; + } + } + if (!is_graceful) { ap_run_pre_mpm(pconf, SB_SHARED); } 1.14 +14 -0 httpd-2.0/server/mpm/worker/worker.c Index: worker.c =================================================================== RCS file: /home/cvs/httpd-2.0/server/mpm/worker/worker.c,v retrieving revision 1.13 retrieving revision 1.14 diff -u -r1.13 -r1.14 --- worker.c 2001/08/14 12:30:50 1.13 +++ worker.c 2001/08/16 13:59:14 1.14 @@ -1272,6 +1272,20 @@ return 1; } +#if APR_USE_SYSVSEM_SERIALIZE + if (ap_accept_lock_mech == APR_LOCK_DEFAULT || + ap_accept_lock_mech == APR_LOCK_SYSVSEM) { +#else + if (ap_accept_lock_mech == APR_LOCK_SYSVSEM) { +#endif + rv = unixd_set_lock_perms(accept_mutex); + if (rv != APR_SUCCESS) { + ap_log_error(APLOG_MARK, APLOG_EMERG, rv, s, + "Couldn't set permissions on cross-process lock"); + return 1; + } + } + if (!is_graceful) { ap_run_pre_mpm(pconf, SB_SHARED); }