('binary' encoding is not supported, stored as-is) In-Reply-To: <20030224132559.5665.qmailat_private> >I think the real way to fix this for CGI is to have the parent process >set the F_CLOEXEC flag on all the descriptors it opens, except those >that the child is supposed to inherit. > /snip/ >Michael Wojcik Yes, this is the correct fix and easy enough to do. I just don't know why they've blown it off for 4 months. This fix should be applied to all files, pipes, and sockets. So far, this thread has pretty much centered on whether or not access & error log inheritance is a problem. Has anyone looked to see what the scope of the problem is? (Maybe that would convince some people.) Has anyone played with various modules looking to see if anything beyond access or error logs are available? For example, if you look at mod_php, they leak the file descriptor from accept() and the descriptor to the php page being executed in addition to all the other descriptors. There's a lot of apache modules... -Steve Grubb
This archive was generated by hypermail 2b30 : Tue Feb 25 2003 - 15:48:11 PST