httpd-dev mailing list archives

From Jim Jagielski <...@jaguNET.com>
Subject Re: cvs commit: apachen/htdocs/manual/mod core.html
Date Mon, 22 Dec 1997 23:19:48 GMT
Marc Slemko wrote:
> 
> On 22 Dec 1997 marc@hyperreal.org wrote:
> 
> >   	- add warning about possible denial of service attack with
> >   	  LockFile in world writable directory
> 
> This is only possible with fcntl serialized accept because 
> flock serialized accept does an explicit unlink().

Both do an unlink() but the fcntl() version does one as soon as
the file's open; the flock(), due to the way flock() works on
vnodes/filenames, cannot be unlink()ed until the server dies.

> 
> Is probably worth fixing by having flock serialized accept unlink
> it as well before starting.  The only risk here is that we could
> unlink a file we shouldn't, but...

Except that having the file unlink()ed causes the mutex to fail.
The current setup is the only one that works with flock()... :/

-- 
====================================================================
      Jim Jagielski            |       jaguNET Access Services
     jim@jaguNET.com           |       http://www.jaguNET.com/
            "Look at me! I'm wearing a cardboard belt!"

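The locking semantics behind this exchange, as an added example that is not part of the original message and is not Apache's code. It assumes the flock()-based mutex has each child open the lock file by name, which is what ties it to the filename; the function names and the scratch paths under /tmp are constructed for the demonstration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/file.h>
#include <sys/wait.h>
#include <unistd.h>

/* Non-blocking exclusive flock(): 1 = acquired, 0 = held by another open. */
static int try_flock(int fd) { return flock(fd, LOCK_EX | LOCK_NB) == 0; }

/* Bit 0 set: a second open() of the same path is excluded (mutex works).
 * Bit 1 set: after unlink(), the re-created path is a different inode, so a
 *            late opener also "acquires" the mutex (mutex broken). */
int flock_demo(void) {
    char path[] = "/tmp/lockdemo.XXXXXX";        /* constructed scratch file */
    int result = 0, holder = mkstemp(path);
    if (holder < 0 || !try_flock(holder)) return -1;

    int child_fd = open(path, O_WRONLY);         /* a child reopening by name */
    if (child_fd >= 0 && !try_flock(child_fd)) result |= 1;
    close(child_fd);

    unlink(path);                                /* name removed while in use */
    int late_fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (late_fd >= 0 && try_flock(late_fd)) result |= 2;
    close(late_fd); close(holder); unlink(path);
    return result;
}

/* fcntl() locks belong to the process, so a forked child that inherits the
 * descriptor of an already-unlinked file is still excluded. 1 = excluded. */
int fcntl_demo(void) {
    char path[] = "/tmp/lockdemo.XXXXXX";
    struct flock lk = { .l_type = F_WRLCK, .l_whence = SEEK_SET };
    int fd = mkstemp(path), status = 0;
    if (fd < 0 || unlink(path) != 0) return -1;  /* unlink right after open */
    if (fcntl(fd, F_SETLK, &lk) != 0) return -1; /* parent takes the lock */
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(fcntl(fd, F_SETLK, &lk) == 0 ? 1 : 0);
    waitpid(pid, &status, 0);
    close(fd);
    return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}

int main(void) {
    printf("flock_demo=%d fcntl_demo=%d\n", flock_demo(), fcntl_demo());
    return 0;
}
```

A result of 3 from `flock_demo()` shows both halves of the trade-off: the name has to stay in the directory for late openers to reach the same lock, and that persistent name is what the LockFile warning about world-writable directories concerns.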