httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Jagielski <>
Subject Re: cvs commit: apachen/htdocs/manual/mod core.html
Date Mon, 22 Dec 1997 23:19:48 GMT
Marc Slemko wrote:
> On 22 Dec 1997 wrote:
> >   	- add warning about possible denial of service attack with
> >   	  LockFile in world writable directory
> This is only possible with fcntl serialized accept because 
> flock serialized accept does an explicit unlink().

Both do an unlink() but the fcntl() version does one as soon as
the file's open; the flock(), due to the way flock() works on
vnodes/filenames, cannot be unlink()ed until the server dies.

> Is probably worth fixing by having flock serialized accept unlink
> it as well before starting.  The only risk here is that we could
> unlink a file we shouldn't, but...

Except that having the file unlink()ed causes the mutex to fail.
The current setup is the only one that works with flock()... :/

      Jim Jagielski            |       jaguNET Access Services           |
            "Look at me! I'm wearing a cardboard belt!"

View raw message