rpluem at apache
Oct 3, 2009, 12:55 PM
Post #1 of 2
(76 views)
Permalink
|
|
Re: svn commit: r821321 - in /httpd/httpd/trunk: CHANGES support/suexec.c
|
|
On 03.10.2009 15:46, sf[at]apache.org wrote:
> Author: sf
> Date: Sat Oct 3 13:46:48 2009
> New Revision: 821321
>
> URL: http://svn.apache.org/viewvc?rev=821321&view=rev
> Log:
> suexec: Allow to log an error if exec fails by setting FD_CLOEXEC
> on the log file instead of closing it.
>
> PR: 10744
> Submitted by: Nicolas Rachinsky
> Reviewed by: Stefan Fritsch
>
> Modified:
> httpd/httpd/trunk/CHANGES
> httpd/httpd/trunk/support/suexec.c
>
> Modified: httpd/httpd/trunk/CHANGES
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=821321&r1=821320&r2=821321&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/CHANGES [utf-8] (original)
> +++ httpd/httpd/trunk/CHANGES [utf-8] Sat Oct 3 13:46:48 2009
> @@ -10,6 +10,9 @@
> mod_proxy_ftp: NULL pointer dereference on error paths.
> [Stefan Fritsch <sf fritsch.de>, Joe Orton]
>
> + *) suxec: Allow to log an error if exec fails by setting FD_CLOEXEC
> + on the log file instead of closing it. PR 10744. [Nicolas Rachinsky]
> +
> *) mod_mime: Make RemoveType override the info from TypesConfig.
> PR 38330. [Stefan Fritsch]
>
>
> Modified: httpd/httpd/trunk/support/suexec.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/support/suexec.c?rev=821321&r1=821320&r2=821321&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/support/suexec.c (original)
> +++ httpd/httpd/trunk/support/suexec.c Sat Oct 3 13:46:48 2009
> @@ -46,6 +46,7 @@
> #include <stdio.h>
> #include <stdarg.h>
> #include <stdlib.h>
> +#include <fcntl.h>
>
> #ifdef HAVE_PWD_H
> #include <pwd.h>
> @@ -575,17 +576,16 @@
> #endif /* AP_SUEXEC_UMASK */
>
> /*
> - * Be sure to close the log file so the CGI can't
> - * mess with it. If the exec fails, it will be reopened
> - * automatically when log_err is called. Note that the log
> - * might not actually be open if AP_LOG_EXEC isn't defined.
> - * However, the "log" cell isn't ifdef'd so let's be defensive
> - * and assume someone might have done something with it
> - * outside an ifdef'd AP_LOG_EXEC block.
> + * ask fcntl(2) to set the FD_CLOEXEC flag on the log file,
> + * so it'll be automagically closed if the exec() call succeeds.
> */
> if (log != NULL) {
> - fclose(log);
> - log = NULL;
> + fflush(log);
> + setbuf(log,NULL);
> + if ((fcntl(fileno(log), F_SETFD, FD_CLOEXEC) == -1)) {
> + log_err("error: can't set close-on-exec flag");
> + exit(122);
> + }
> }
>
> /*
>
>
>
Shouldn't this depend on the existence of APR_HAVE_FCNTL_H?
Regards
RĂ¼diger
|
