httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brian Havard" <>
Subject Re: newbie thread/process model question in hybrid server
Date Sun, 11 Jul 1999 14:25:51 GMT
On Sun, 11 Jul 1999 10:03:46 -0400 (Eastern Daylight Time), Rasmus Lerdorf

>> Maybe, maybe not. If the segfault is just an accidental NULL dereference then
>> no damage is done.
>> The problem is that if the shared memory space is the entire server, in the
>> case of single process / multithread, you lose all active connections. Even
>> in hybrid mode you lose a large number. If there's a chance to recover by
>> just killing the thread you may as well try.
>But how do you know?  If you can't be sure that no memory corruption has
>taken place, then continuing is completely invalid, as far as I am

Can you ever be sure your memory isn't corrupted? Not all corruption causes a

>For all you know someone used a buffer overrun to insert a
>hack and on each subsequent request your server will email your password
>file to the world.  Ok, an extreme and unlikely case, especially on OS/2,
>but I think the point still holds.

An instruction that segfaults doesn't complete so it gives the hacker no
advantage. He just has to reduce the number of bytes written until it fits in
valid memory so it doesn't segfault and it works again.

 |  Brian Havard                 |  "He is not the messiah!                   |
 |  |  He's a very naughty boy!" - Life of Brian |

View raw message