httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Jagielski <...@jaguNET.com>
Subject Re: [PATCH] Make FLOCK mutex work PR#1056
Date Wed, 05 Nov 1997 01:21:07 GMT
Dean Gaudet wrote:
> 
> 
> 
> On Tue, 4 Nov 1997, Jim Jagielski wrote:
> 
> > -    lock_fd = popenf(p, lock_fname, O_CREAT | O_WRONLY | O_EXCL, 0644);
> > +    lock_fd = popenf(p, lock_fname, O_CREAT | O_WRONLY, 0600);
> 
> Make the parent do an O_CREAT to create the file, and remove O_CREAT from
> the children ... to make the window in which an attacker can stuff a
> symlink in the way smaller... also helps make sure we notice if some dolt
> removes the lock file (the children would all exit, the server would chew
> lots of cpu spawning new children :).  It looks fine either way though. 
> 

Hmmm... On 2nd thought, it some idiot does remove the lockfile then
Apache would spawn new children that would immediately die because
they can't open the file (I'm not sure if that's what you meant).
I wonder if it's better to have Apache be more robust than that and
actually recover?

Agreed that the parent should make it initially.

-- 
====================================================================
      Jim Jagielski            |       jaguNET Access Services
     jim@jaguNET.com           |       http://www.jaguNET.com/
            "Look at me! I'm wearing a cardboard belt!"

Mime
View raw message