httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From James Sutherland <ja...@cam.ac.uk>
Subject Re: Question about USE_SYSVSEM_SERIALIZED_ACCEPT...
Date Wed, 07 Jun 2000 16:26:18 GMT
On Wed, 7 Jun 2000, Bill Stoddard wrote:

>  USE_SYSVSEM_SERIALIZED_ACCEPT:
>       Use System V semaphores to implement the semaphore.  These are
>       problematic in that they won't be cleaned up if apache is kill -9d,
>       and there's the potential of a CGI causing a denial of service
>       attack if it's running as the same uid as apache (i.e. suexec
>       is recommended on public servers).  But they can be faster than
>       either of fcntl() or flock() on some systems.
> 
> 
> Can someone give me a clue about the potential CGI DoS attack? I don't see it.

If the CGI is running as the same user as Apache, it owns the SysV
semaphore - so it can claim it. All the Apache child processes will then
assume that the CGI is performing the accept() calls, so they don't -
meaning no new connections get through: Apache is effectively dead.


James.


Mime
View raw message