Return-Path: 
 <apache-bugdb-owner-apache-bugdb-archive=hyperreal.org@apache.org>
Delivered-To: apache-bugdb-archive@hyperreal.org
Received: (qmail 18432 invoked by uid 6000); 17 Nov 1999 20:50:10 -0000
Received: (qmail 18228 invoked by uid 2001); 17 Nov 1999 20:50:01 -0000
Received: (qmail 15517 invoked by uid 2012); 17 Nov 1999 20:47:33 -0000
Message-Id: <19991117204733.15516.qmail@hyperreal.org>
Date: 17 Nov 1999 20:47:33 -0000
From: David Birnbaum <davidb@chelsea.net>
Reply-To: davidb@chelsea.net
To: apbugs@hyperreal.org
X-Send-Pr-Version: 3.2
Subject: suexec/5329: kill of CGI fails due to suexec permission change
Sender: apache-bugdb-owner@apache.org
Precedence: bulk


>Number:         5329
>Category:       suexec
>Synopsis:       kill of CGI fails due to suexec permission change
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Wed Nov 17 12:50:01 PST 1999
>Last-Modified:
>Originator:     davidb@chelsea.net
>Organization:
apache
>Release:        1.3.9
>Environment:
SunOS spaten 5.6 Generic_105181-16 sun4m sparc SUNW,SPARCstation-20
>Description:
Truss shows hanging CGI.  Apache times out, tries to kill it and fails since
it no longer shares ownership.  The httpd process then hangs out until the 
CGI finally dies.  RLimit's help, but in this case the CGI process takes
a long time so we can't just arbitrarily set them low.

poll(0xEFFF75E8, 1, -1)         (sleeping...)
    Received signal #14, SIGALRM, in poll() [caught]
      siginfo: SIGALRM pid=6558 uid=0
poll(0xEFFF75E8, 1, -1)                         Err#4 EINTR
write(31, "1503\0\012D517D799 h EFA".., 23)     = 23
time()                                          = 942870983
time()                                          = 942870983
write(25, " [ 1 7 / N o v / 1 9 9 9".., 121)    = 121
close(31)                                       = 0
setcontext(0xEFFF73B0)
close(34)                                       = 0
read(36, 0x002D70B8, 4096)                      = 0
close(36)                                       = 0
time()                                          = 942870983
write(27, " 2 0 9 . 2 1 2 . 7 3 . 7".., 216)    = 216
time()                                          = 942870983
write(28, " 2 0 9 . 2 1 2 . 7 3 . 7".., 212)    = 212
times(0xEF7909CC)                               = 14890571
close(-1)                                       Err#9 EBADF
sigaction(SIGUSR1, 0xEFFFF830, 0xEFFFF8B0)      = 0
waitid(P_PID, 29031, 0xEFFFF6F8, WEXITED|WTRAPPED|WNOHANG) = 0
kill(29031, SIGTERM)                            Err#1 EPERM
kill(29031, SIGKILL)                            Err#1 EPERM
waitid(P_PID, 29031, 0xEFFFF6F8, WEXITED|WTRAPPED) (sleeping...)
>How-To-Repeat:
A CGI doing a sleep long enough should replicate it.
>Fix:
Um...er...well...no.  Perhaps the httpd process could fork suexec and
and ask it to kill the process?  I don't know if the child has any way 
of talking back to the parent.
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, you need]
[to include <apbugs@Apache.Org> in the Cc line and make sure the]
[subject line starts with the report component and number, with ]
[or without any 'Re:' prefixes (such as "general/1098:" or      ]
["Re: general/1098:").  If the subject doesn't match this       ]
[pattern, your message will be misfiled and ignored.  The       ]
["apbugs" address is not added to the Cc line of messages from  ]
[the database automatically because of the potential for mail   ]
[loops.  If you do not include this Cc, your reply may be ig-   ]
[nored unless you are responding to an explicit request from a  ]
[developer.  Reply only with text; DO NOT SEND ATTACHMENTS!     ]