Return-Path: Delivered-To: apmail-httpd-dev-archive@www.apache.org Received: (qmail 79998 invoked from network); 5 Feb 2009 00:11:58 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 5 Feb 2009 00:11:58 -0000 Received: (qmail 21109 invoked by uid 500); 5 Feb 2009 00:11:51 -0000 Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 21045 invoked by uid 500); 5 Feb 2009 00:11:51 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 21036 invoked by uid 99); 5 Feb 2009 00:11:51 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 04 Feb 2009 16:11:51 -0800 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_HELO_PASS,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of minfrin@sharp.fm designates 72.32.122.47 as permitted sender) Received: from [72.32.122.47] (HELO chandler.sharp.fm) (72.32.122.47) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 05 Feb 2009 00:11:43 +0000 Received: from chandler.sharp.fm (localhost [127.0.0.1]) by chandler.sharp.fm (Postfix) with ESMTP id BABB8130105 for ; Wed, 4 Feb 2009 18:11:22 -0600 (CST) Received: from 87-194-125-17.bethere.co.uk (87-194-125-17.bethere.co.uk [87.194.125.17]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) (Authenticated sender: minfrin@sharp.fm) by chandler.sharp.fm (Postfix) with ESMTP id 1F1561300FC for ; Wed, 4 Feb 2009 18:11:21 -0600 (CST) Message-ID: <498A2EA8.9080204@sharp.fm> Date: Thu, 05 Feb 2009 02:11:20 +0200 From: Graham Leggett User-Agent: Thunderbird 2.0.0.19 (Macintosh/20081209) MIME-Version: 1.0 To: dev@httpd.apache.org Subject: Re: new watchdog module References: <4989BDBC.4040707@apache.org> <498A107C.4080400@apache.org> In-Reply-To: <498A107C.4080400@apache.org> Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms060706000300020605020608" X-Virus-Scanned: ClamAV using ClamSMTP X-Virus-Checked: Checked by ClamAV on apache.org This is a cryptographically signed message in MIME format. --------------ms060706000300020605020608 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Ruediger Pluem wrote: > This seems to be a very valid concern to me. Plus in the parent it runs with root > privileges and we should minimize the code that runs with these privileges, even > more so as an author of code that uses the watchdog may not really be aware that > its code is running under root (in contrast to people who develop modules like > mod_unixd and mod_privileges). > > So we shouldn't run this in the parent process but only in the childs or fork a > separate child (like mod_cgid does) that only runs the watchdog if a > single-instance-non-locking watchdog is needed. I don't think there is a one size fits all solution to this, I think we should offer modules an option to spawn a thread/process/whatever both before or after the drop privileges step, and let the module author decide which is most relevant to them. Because it would be an explicit choice, and not an implicit one, there would be no confusion as to what user was running this code. Regards, Graham -- --------------ms060706000300020605020608 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIJNTCC AvUwggJeoAMCAQICEE48SDZRMuwR+sMj0uPO8bgwDQYJKoZIhvcNAQEFBQAwYjELMAkGA1UE BhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMT I1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBMB4XDTA4MTAxNDEzNDk1N1oX DTA5MTAxNDEzNDk1N1owXTEQMA4GA1UEBBMHTGVnZ2V0dDEPMA0GA1UEKhMGR3JhaGFtMRcw FQYDVQQDEw5HcmFoYW0gTGVnZ2V0dDEfMB0GCSqGSIb3DQEJARYQbWluZnJpbkBzaGFycC5m bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOHdkReI2hOK03fWwKA9UqHcjwRQ /gdmAIB/96pznww4TROCiCG/ugLzo2/feBQSuY467jFMBNudlzY+65avbP9Utys/0pa9lcK7 7hjXKKhgqL/UBSmSLxHie8pCo+74tqoOBTEkKj/Dc37mugeA0tdG1tOGc3yg8JhxEITl/9Sr Qm5NElCFs3dLksCh+3S0IFANct13lRr7aYezqlsVu7HiQkSc3uWDGtRAIWouimjvpfaPuBl/ hZCzQiWmHoW++C5kO5cxuO9UluW3oxk8+tJmsIA+6pJTfSHH5RbVrEXSlbkscSZ+/TYMw7rr /Mo8iqTANqNpInUfVE5nMmdqN5ECAwEAAaMtMCswGwYDVR0RBBQwEoEQbWluZnJpbkBzaGFy cC5mbTAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBBQUAA4GBADfOsPAXQyOnuF1AM2p/elY6 7QVH1C7xQZTQ809jKVM7/44FaS7u5t3RhH3HpVd/qO0xkYTw9NBbQMFn8XoK2RAHs+phssXh Z9sKfDJYmQN8H2xglQG4oUcdypLiv4l/1FE7OCh8dqQ5aMFrbT+Qq9nr1WGxXCemp8+Y3wgI GFBCMIIC9TCCAl6gAwIBAgIQTjxINlEy7BH6wyPS487xuDANBgkqhkiG9w0BAQUFADBiMQsw CQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoG A1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0EwHhcNMDgxMDE0MTM0 OTU3WhcNMDkxMDE0MTM0OTU3WjBdMRAwDgYDVQQEEwdMZWdnZXR0MQ8wDQYDVQQqEwZHcmFo YW0xFzAVBgNVBAMTDkdyYWhhbSBMZWdnZXR0MR8wHQYJKoZIhvcNAQkBFhBtaW5mcmluQHNo YXJwLmZtMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4d2RF4jaE4rTd9bAoD1S odyPBFD+B2YAgH/3qnOfDDhNE4KIIb+6AvOjb994FBK5jjruMUwE252XNj7rlq9s/1S3Kz/S lr2VwrvuGNcoqGCov9QFKZIvEeJ7ykKj7vi2qg4FMSQqP8Nzfua6B4DS10bW04ZzfKDwmHEQ hOX/1KtCbk0SUIWzd0uSwKH7dLQgUA1y3XeVGvtph7OqWxW7seJCRJze5YMa1EAhai6KaO+l 9o+4GX+FkLNCJaYehb74LmQ7lzG471SW5bejGTz60mawgD7qklN9IcflFtWsRdKVuSxxJn79 NgzDuuv8yjyKpMA2o2kidR9UTmcyZ2o3kQIDAQABoy0wKzAbBgNVHREEFDASgRBtaW5mcmlu QHNoYXJwLmZtMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEFBQADgYEAN86w8BdDI6e4XUAz an96VjrtBUfULvFBlNDzT2MpUzv/jgVpLu7m3dGEfcelV3+o7TGRhPD00FtAwWfxegrZEAez 6mGyxeFn2wp8MliZA3wfbGCVAbihRx3KkuK/iX/UUTs4KHx2pDlowWttP5Cr2evVYbFcJ6an z5jfCAgYUEIwggM/MIICqKADAgECAgENMA0GCSqGSIb3DQEBBQUAMIHRMQswCQYDVQQGEwJa QTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xGjAYBgNVBAoT EVRoYXd0ZSBDb25zdWx0aW5nMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERp dmlzaW9uMSQwIgYDVQQDExtUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgQ0ExKzApBgkqhkiG 9w0BCQEWHHBlcnNvbmFsLWZyZWVtYWlsQHRoYXd0ZS5jb20wHhcNMDMwNzE3MDAwMDAwWhcN MTMwNzE2MjM1OTU5WjBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRp bmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3Vp bmcgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMSmPFVzVftOucqZWh5owHUEcJ3f 6f+jHuy9zfVb8hp2vX8MOmHyv1HOAdTlUAow1wJjWiyJFXCO3cnwK4Vaqj9xVsuvPAsH5/Ef kTYkKhPPK9Xzgnc9A74r/rsYPge/QIACZNenprufZdHFKlSFD0gEf6e20TxhBEAeZBlyYLf7 AgMBAAGjgZQwgZEwEgYDVR0TAQH/BAgwBgEB/wIBADBDBgNVHR8EPDA6MDigNqA0hjJodHRw Oi8vY3JsLnRoYXd0ZS5jb20vVGhhd3RlUGVyc29uYWxGcmVlbWFpbENBLmNybDALBgNVHQ8E BAMCAQYwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVByaXZhdGVMYWJlbDItMTM4MA0GCSqG SIb3DQEBBQUAA4GBAEiM0VCD6gsuzA2jZqxnD3+vrL7CF6FDlpSdf0whuPg2H6otnzYvwPQc UCCTcDz9reFhYsPZOhl+hLGZGwDFGguCdJ4lUJRix9sncVcljd2pnDmOjCBPZV+V2vf3h9bG CE6u9uo05RAaWzVNd+NWIXiC3CEZNd4ksdMdRv9dX2VPMYIDZDCCA2ACAQEwdjBiMQswCQYD VQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UE AxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0ECEE48SDZRMuwR+sMj0uPO 8bgwCQYFKw4DAhoFAKCCAcMwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0B CQUxDxcNMDkwMjA1MDAxMTIwWjAjBgkqhkiG9w0BCQQxFgQUHpcO+Z8BC7w/dRp0Q2rsJ/ke 8kYwUgYJKoZIhvcNAQkPMUUwQzAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZI hvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwgYUGCSsGAQQBgjcQBDF4MHYwYjEL MAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAq BgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBAhBOPEg2UTLsEfrD I9LjzvG4MIGHBgsqhkiG9w0BCRACCzF4oHYwYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRo YXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBG cmVlbWFpbCBJc3N1aW5nIENBAhBOPEg2UTLsEfrDI9LjzvG4MA0GCSqGSIb3DQEBAQUABIIB AMXvqSDOdBDtJatJxuTZwg2loh4qZyD4okV7wH2712+Pl1hnBlWVL+c9cGCuwY/M44OaeWQX ZI+UOdElnzVQ4shzoRlJcKzLVO9NCX5l8E19BWEj44lx4SUDNgGryI6ZiujBLmarNYJMZzSn lIrJXljoFOl9lV/IyYlAbWysbwmO85XfpUjk/pIeMJQv1prqyCwTSJwXRSPbfpCCI9XuVViD RLpEJfAuyhUEV/IA44unmlLFMB4qs8PCCMI7HXqggwcABL5zfvgAqWc/WSLsW2m6MDtLjA4t lus/5l+rCHBRElPmdhwbrT+VQghHYeZ4FN2Jl/DLgVvKDIqLWZXvEGUAAAAAAAA= --------------ms060706000300020605020608--