httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Jagielski <...@jaguNET.com>
Subject [PATCH] Make FLOCK mutex work PR#1056
Date Wed, 05 Nov 1997 00:54:38 GMT
This should close out that PR... The child does the open() before
it gives up root, thus making a DoS easier to guard against
(the lockfile should be located only where root can read/write
and not on a NFS point).

Index: src/main/http_main.c
===================================================================
RCS file: /export/home/cvs/apachen/src/main/http_main.c,v
retrieving revision 1.243
diff -u -r1.243 http_main.c
--- http_main.c	1997/11/03 10:11:42	1.243
+++ http_main.c	1997/11/05 00:52:35
@@ -276,6 +276,8 @@
 
 #define accept_mutex_cleanup()
 
+#define accept_mutex_child_init(x)
+
 static void accept_mutex_init(pool *p)
 {
     ptrdiff_t old;
@@ -347,6 +349,8 @@
     }
 }
 
+#define accept_mutex_child_init(x)
+
 static void accept_mutex_init(pool *p)
 {
     pthread_mutexattr_t mattr;
@@ -435,6 +439,7 @@
     semctl(sem_id, 0, IPC_RMID, ick);
 }
 
+#define accept_mutex_child_init(x)
 
 static void accept_mutex_init(pool *p)
 {
@@ -508,6 +513,8 @@
 
 #define accept_mutex_cleanup()
 
+#define accept_mutex_child_init(x)
+
 /*
  * Initialize mutex lock.
  * Must be safe to call this on a restart.
@@ -563,22 +570,33 @@
 
 static int lock_fd = -1;
 
-#define accept_mutex_cleanup()
+static void accept_mutex_cleanup(void)
+{
+    unlink(lock_fname);
+}
 
 /*
  * Initialize mutex lock.
- * Must be safe to call this on a restart.
+ * Done by each child at it's birth
  */
-static void accept_mutex_init(pool *p)
+static void accept_mutex_child_init(pool *p)
 {
 
-    expand_lock_fname(p);
-    lock_fd = popenf(p, lock_fname, O_CREAT | O_WRONLY | O_EXCL, 0644);
+    lock_fd = popenf(p, lock_fname, O_CREAT | O_WRONLY, 0600);
     if (lock_fd == -1) {
 	aplog_error(APLOG_MARK, APLOG_EMERG, server_conf,
 		    "Cannot open lock file: %s\n", lock_fname);
 	exit(1);
     }
+}
+/*
+ * Initialize mutex lock.
+ * Must be safe to call this on a restart.
+ */
+static void accept_mutex_init(pool *p)
+{
+
+    expand_lock_fname(p);
     unlink(lock_fname);
 }
 
@@ -614,6 +632,7 @@
  * the sockets. */
 #define NO_SERIALIZED_ACCEPT
 #define accept_mutex_cleanup()
+#define accept_mutex_child_init(x)
 #define accept_mutex_init(x)
 #define accept_mutex_on()
 #define accept_mutex_off()
@@ -2623,6 +2642,7 @@
 
     /* needs to be done before we switch UIDs so we have permissions */
     reopen_scoreboard(pconf);
+    SAFE_ACCEPT(accept_mutex_child_init(pconf));
 
 #ifdef MPE
     /* Only try to switch if we're running as MANAGER.SYS */
-- 
====================================================================
      Jim Jagielski            |       jaguNET Access Services
     jim@jaguNET.com           |       http://www.jaguNET.com/
            "Look at me! I'm wearing a cardboard belt!"

Mime
View raw message