httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ruediger Pluem <>
Subject Re: [Fwd: Apache httpd vulenrabilities]
Date Wed, 30 May 2007 18:57:36 GMT

On 05/30/2007 08:10 PM, Jim Jagielski wrote:
> On May 29, 2007, at 5:28 PM, William A. Rowe, Jr. wrote:
>> Essentially, PID tables need to move from the score to a local process
>> list only in the parent, and unshared.  That would solve the 80/20 of
>> this entire class of issues.
> Yes... Of course, it doesn't even need to be that extensive.
> If the parent process simply keeps in local storage a
> list of PIDs and before it does anything to the child
> process (send signal), it checks that the PID in the
> scoreboard is also in its own list, and only
> continues if it is.... This means that the scoreboard
> stays as is and the parent process just needs a
> small list of pid's added to it, plus some minor
> logic.

This is also my thought on this. Maybe the logic could be extended
somewhat so that the parent cross checks / sanity checks the number of
pids in its local storage and the number of active pids (a.k.a "non empty"
slots) in whatever state they are every time it decides that it needs
to start additional childs / kill childs. This should avoid / reduce
issues #1 / #4.

> The next coupla days I'll be mostly offline since my oldest
> son Jon is graduating and so there's the graduation, and
> planning, and party, etc...

All the best to Jon.



View raw message