httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Cliff Woolley <jwool...@virginia.edu>
Subject Re: suexec+CGI = zombies in 1.3.28
Date Sun, 03 Aug 2003 00:14:46 GMT
On Sat, 2 Aug 2003, Bill Stoddard wrote:

> >>-	    if (ap_os_kill(p->pid, SIGTERM) == -1) {
> >>-                p->kill_how = kill_never;
> >>-            }
> >>-            else {
> >>-		need_timeout = 1;
> >>-            }
> >>+	    ap_os_kill(p->pid, SIGTERM);
> >>+	    need_timeout = 1;
>
> So you sucessfully kill the process, then you set need_timeout. You swap
> out and another process is started (by an httpd process) on the system
> with the same pid. Your swaped back in, detect the process (thinking it
> is the old process still hanging around) and kill it after a timeout.
> Is this possible or not?

Seems like the set of circumstances that would have to occur is fairly
unlikely but possible.  Though afaict those same circumstances would have
have been possible and would have had the same result even without this
patch.  No?

--Cliff

Mime
View raw message