httpd-dev mailing list archives

From Randy Terbush <ra...@zyzzyva.com>
Subject Re: Followup re Apache 1.2.4 - hardwired accept lock ... message (fwd)
Date Sun, 31 Aug 1997 16:40:20 GMT
> On Sun, 31 Aug 1997, Randy Terbush wrote:
> 
> > > On Sun, 31 Aug 1997, Randy Terbush wrote:
> > > 
> > > > 
> > > > This came up recently when I asked the following question but
> > > > received no response. 
> > > > 
> > > > When Jim, Marc, Dean and I put our heads together on this lockfile 
> > > > issue, I had provided some code that located the default lockfile 
> > > > location to the same place as the PidFile. That seems to be the 
> > > > best way to deal with this IMO. Was there something wrong with that 
> > > > approach?
> > > 
> > > I do not recall that code.  In any case, the pid file is reasonably likely
> > > to be on an NFS-mounted drive as well.  
> > 
> > Hmmm. Seems rather counter-intuitive to put PID info on a shared 
> > drive, but perhaps that is me. /tmp is probably safe on most 
> > systems, but is there a security hole that this could present?
> 
> No.  It is opened O_CREAT|O_EXCL.  The only risk is a denial of service
> attack.  If someone can anticipate the PID that will be used and create
> the file, they can stop Apache from starting.
> 
> Problem is that on some systems foolish people have nearly everything NFS
> mounted; people may not consciously put it on a shared drive, they just
> may not change the default.

True. The use of /tmp/ seems to be a good solution. 
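
The `O_CREAT|O_EXCL` behaviour discussed in this thread, as an added example that is not part of the original message and is not Apache's code: exclusive create succeeds on a free path, and fails with `EEXIST` when the name is already taken or is a symlink, so the only effect of a pre-created name is that startup fails. The `htlock.<pid>` name, the helper names and the scratch directory are assumptions made for the demonstration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Exclusive create: fails with EEXIST if anything, even a symlink, is at path. */
static int create_lockfile(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Returns a bitmask: 1 = fresh create worked, 2 = pre-created file refused,
 * 4 = symlink refused and its target left uncreated; -1 on setup failure. */
int run_lockfile_demo(void)
{
    char dir[] = "/tmp/lockdemo.XXXXXX";   /* constructed scratch directory */
    char lock[128], target[128];
    int result = 0, fd;
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(lock, sizeof lock, "%s/htlock.%ld", dir, (long)getpid());
    snprintf(target, sizeof target, "%s/target", dir);

    fd = create_lockfile(lock);             /* case 1: path is free */
    if (fd >= 0) { result |= 1; close(fd); }
    unlink(lock);

    fd = open(lock, O_WRONLY | O_CREAT, 0600);  /* case 2: name already taken */
    if (fd >= 0) close(fd);
    fd = create_lockfile(lock);
    if (fd < 0 && errno == EEXIST) result |= 2; /* server must refuse to start */
    if (fd >= 0) close(fd);
    unlink(lock);

    if (symlink(target, lock) == 0) {       /* case 3: dangling symlink at path */
        fd = create_lockfile(lock);
        if (fd < 0 && errno == EEXIST && access(target, F_OK) != 0) result |= 4;
        if (fd >= 0) close(fd);
    }
    unlink(lock); unlink(target); rmdir(dir);
    return result;
}

int main(void)
{
    return run_lockfile_demo() == 7 ? 0 : 1;
}
```

A server using this pattern should treat `EEXIST` as a fatal startup error and log the offending path rather than unlinking and retrying.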





