Date: Thu, 24 Jul 1997 00:27:58 -0600 (MDT)
From: Marc Slemko <marcs@worldgate.com>
To: new-httpd@apache.org
Subject: Re: solaris HUP blues
In-Reply-To: <Pine.LNX.3.95dg3.970723224633.7392I-100000@twinlark.arctic.org>
Message-ID: <Pine.BSF.3.95q.970724001853.3572F-100000@valis.worldgate.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: new-httpd-owner@apache.org
Precedence: bulk
Reply-To: new-httpd@apache.org

On Wed, 23 Jul 1997, Dean Gaudet wrote:

> Oh my gawd, we use SO_REUSEADDR?  For some reason I've never noticed that. 
> This of course means that if a site tries to run a server on a port >=
> 1024 that any old user can share the port with the server.  Not that
> there's not other problems with high-numbered ports ... but just an
> observation. 

Yup.  More like steal on most setups, since Apache is bound to INADDR_ANY.
Some systems, like OpenBSD and Linux (? ... there have been so many broken
implementions of this restriction on Linux that I'm not sure where the
current score is...) do things like have a user credential associated with
a socket and don't let other users bind to it.

I won't bring up pserver again right now.  Sigh.

> 
> So you think the slack should just be moved after all the option settings? 
> Somehow I figured that'd be more dangerous.

Sigh.  I think we should say any version of Solaris before 2.6 is
unsupported.  Sigh.  

We can't have the option settings before ap_slack, because they may
magically disappear on some systems when you do the dup().  We can't have
ap_slack before the bind on Solaris, because that is broken.  We can't
have the options after the bind, because then the bind may fail.

Can anyone verify my fear of systems loosing settings when you do a dup()?
Ah.  Ok, on Solaris we can do them before the bind and ap_slack,
everywhere else we do them before the bind and after ap_slack.  That is
assuming Solaris doesn't loose socket options on a dup().  

And no, keeping the sockets open across HUPs doesn't solve the
SO_REUSEADDR problem.