httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dean Gaudet <dgau...@arctic.org>
Subject Re: Segmentation faults :(
Date Wed, 07 Oct 1998 18:48:00 GMT


On Wed, 7 Oct 1998, Michael Smith wrote:

> Yeh, we're trying to get some more information but haven't been able to persuade
> the solaris kernel to let 'nobody' dump core.

It's possibly because of the setuid()... the same thing happens in linux
and freebsd.  I had a generic workaround for this which I guess I should
have pushed into the source tree... uh... you can try
<http://www.arctic.org/~dgaudet/apache/1.3/arctic_mods_v2.patch> -- it's a
little out of date. 

You want all the changes to http_main.c related to "permanent_listeners",
and "pre_opened_socket".  Then you want to tweak support/listenwrap.c for
your setup.  Run listenwrap as root, it opens the socket you want, and
then does setuid and exec()s apache with the -p option to tell it what FD
has the pre-opened socket.

You'll have trouble with logging, because it'll be done as nobody.  But
this at least gets you to the point where you can debug the problem. 

I encourage someone to take the above and clean it up for the tree.  Given
that this coredump thing is ubiquitous (it's a security measure) we need a
generic solution to it.  Not to mention that this gives folks a method of
completely eliminating httpd running as root, not even the parent needs
root with this.

The logging problem can be worked around with a setuid piped logger
(setuid something other than nobody, doesn't need to be root).  Or it can
be worked around with a more sophisticated listenwrap program that opens
the logs as well. 

Dean



Mime
View raw message