httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Jagielski <...@jaguNET.com>
Subject Re: [PATCH] pid safety checks for 2.2.x
Date Wed, 27 Jun 2007 20:42:38 GMT

On Jun 27, 2007, at 1:52 PM, Joe Orton wrote:

> Here's the updated (and simpler) version of my patch which uses
> apr_proc_wait() to determine whether a pid is a valid child.   
> Simplifies
> the MPM logic a bit since the pid != 0 check is moved into
> ap_mpm_safe_kill().
>
> Tested for both prefork and worker (on Linux) to fix the vulnerability
> using mod_scribble:
>

I might be missing this (just did a quick scan) but
what about ap_reclaim_child_processes/reclaim_one_pid()?
Here we "trust" the pid in the scoreboard and
send signals.


Mime
View raw message