httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dean Gaudet <dgau...@arctic.org>
Subject Re: cgi performance in Apache-apr.
Date Mon, 03 May 1999 18:31:16 GMT
I'd say this is a proof of concept, not something I'd want to see
committed to the repository in either experimental or standard.

On Tue, 20 Apr 1999, Ryan Bloom wrote:

> char tmpnames[HARD_THREAD_LIMIT*HARD_SERVER_LIMIT][MAX_FILENAME_LEN];

Wow, that's a lot of wasted memory... why don't you just make the
filenames something deterministic such as pipe_$thread_$child. 

>     read(fd, &j, sizeof(int));

unchecked syscalls suck.

>         dirname = getenv("TMPDIR");
>         if (dirname) {
>             dirname = ap_pstrcat(p, dirname, "/apache", NULL);
>         }
>         else {
>             dirname = ap_pstrcat(p, "/tmp/apache", NULL);
>         }

Should default to the logs/ directory or have a directive controlling its
location. 

>         mkdir(dirname, S_IREAD | S_IWRITE | S_IEXEC);

security hole... because you're creating things in a publically writeable
directory.

>    fd = open(tmpnames[index], O_WRONLY);
>    send_req(fd, r, argv0, env);
>    ap_bpushfd(script_out, fd, fd);
>
>    fd2 = open(tmpnames[index + 1], O_RDONLY);
>    ap_bpushfd(script_in, fd2, fd2);
>
>    fd3 = open(tmpnames[index + 2], O_RDONLY);
>    ap_bpushfd(script_err, fd3, fd3);

There's a race condition -- you should open all the fds first before
sending the request.  Otherwise the daemon may pick up and start
writing before the pipes are open on both sides.

Dean


Mime
View raw message