httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael H. Voase" <>
Subject Now that the shouting is over...
Date Thu, 03 Dec 1998 23:51:59 GMT
Gday ,

    Id just like to ask a small question on a hack Im doing
on mod_cgi . I know this is probably a bad time to ask
since you guys are flat out getting 2.0 ready but Ill
get to point . I have hacked up mod_cgi and called
it mod_cgisock . Instead of cgi talking to the cgi
process through two pipes , it talks via a unix
domain socket . The reason why I hacked it was
so that I could write a multithreaded cgi server that
could service serveral sockets at once and was reasonbly
fast . The bottom line is that to make me module work I had
to hack  http_request.c ( 1.3.1 ) to (after line 102 )

 * We don't want people able to serve up pipes, or unix sockets, or
 * scary things.  Note that symlink tests are performed later.
static int check_safe_file(request_rec *r)
    if (r->finfo.st_mode == 0         /* doesn't exist */
        || S_ISDIR(r->finfo.st_mode)
        || S_ISREG(r->finfo.st_mode)
        || S_ISSOCK(r->finfo.st_mode)     <-- Hacked Line
        || S_ISLNK(r->finfo.st_mode)) {
        return OK;

The reason I have done this is that the socket is located
by the URL . mod_cgisock the connects to the socket
and transfers the environment variables then interacts
with the socket in the same manner as cgi interacts
with a script ( the code is much the same with a socket
substituted ) .

    I just want to know  if is this a Bad Idea , has anyone done
this before and fell on their face . ( Before anyone says that
I have re-invented that wheel , fastcgi uses that URL to
locate that script or defined config . Thus doesnt require
this particular patch becuase the socket in fastcgi is
encapsulated by the module whereas this method just
seeks to be an interface for a cgi process . I have been
in discussions with Jonathon Roy and RobS over this ...) .
I am asking since the warning in the above code segment
seems to be fairly stern about the serving up of sockets .

Anyway I just want to canvas your opinions as exerienced
web masters so that I can determine if I should continue
with this project ...

( Note : In the module documentation there are many
warnings about this patch and its potential for
disaster . I dont want anybody getting burnt by it
while it is at this VERY alpha stage of developement )

Thanx for your time.

Cheers Mik Voase

P.S. Sorry ,but I dont quite think its cross platform
compatible with windoze . But it seems to be thread
safe by its design ;)

 /~\     /~\            CASTLE INDUSTRIES PTY. LTD.
 | |_____| |            Incorporated 1969. in N.S.W., Australia
 |         |            Phone +612 6562 1345 Fax +612 6567 1449
 |   /~\   |            Web
 |   [ ]   |            Michael H. Voase.  Director.
~~~~~~~~~~~~~~          Cause Linux Flies and Windoze Dies ... 'nuf said.

View raw message