[1356] | 1 | From: Stefan Fritsch <sf@apache.org> |
---|
| 2 | Date: Sat, 3 Oct 2009 13:46:48 +0000 |
---|
| 3 | Subject: suexec: Allow to log an error if exec fails by setting FD_CLOEXEC on the log file instead of closing it. |
---|
| 4 | |
---|
| 5 | PR: 10744 |
---|
| 6 | Submitted by: Nicolas Rachinsky |
---|
| 7 | Reviewed by: Stefan Fritsch |
---|
| 8 | |
---|
| 9 | Origin: upstream, http://svn.apache.org/viewvc?rev=821321&view=rev |
---|
| 10 | Bug: https://issues.apache.org/bugzilla/show_bug.cgi?id=10744 |
---|
| 11 | --- |
---|
| 12 | support/suexec.c | 18 +++++++++--------- |
---|
| 13 | 1 files changed, 9 insertions(+), 9 deletions(-) |
---|
| 14 | |
---|
| 15 | diff --git a/support/suexec.c b/support/suexec.c |
---|
| 16 | index cb4e85f..85e1318 100644 |
---|
| 17 | --- a/support/suexec.c |
---|
| 18 | +++ b/support/suexec.c |
---|
| 19 | @@ -49,6 +49,7 @@ |
---|
| 20 | #include <stdio.h> |
---|
| 21 | #include <stdarg.h> |
---|
| 22 | #include <stdlib.h> |
---|
| 23 | +#include <fcntl.h> |
---|
| 24 | #include <selinux/selinux.h> |
---|
| 25 | |
---|
| 26 | #ifdef HAVE_PWD_H |
---|
| 27 | @@ -714,17 +715,16 @@ TRUSTED_DIRECTORY: |
---|
| 28 | #endif /* AP_SUEXEC_UMASK */ |
---|
| 29 | |
---|
| 30 | /* |
---|
| 31 | - * Be sure to close the log file so the CGI can't |
---|
| 32 | - * mess with it. If the exec fails, it will be reopened |
---|
| 33 | - * automatically when log_err is called. Note that the log |
---|
| 34 | - * might not actually be open if AP_LOG_EXEC isn't defined. |
---|
| 35 | - * However, the "log" cell isn't ifdef'd so let's be defensive |
---|
| 36 | - * and assume someone might have done something with it |
---|
| 37 | - * outside an ifdef'd AP_LOG_EXEC block. |
---|
| 38 | + * ask fcntl(2) to set the FD_CLOEXEC flag on the log file, |
---|
| 39 | + * so it'll be automagically closed if the exec() call succeeds. |
---|
| 40 | */ |
---|
| 41 | if (log != NULL) { |
---|
| 42 | - fclose(log); |
---|
| 43 | - log = NULL; |
---|
| 44 | + fflush(log); |
---|
| 45 | + setbuf(log,NULL); |
---|
| 46 | + if ((fcntl(fileno(log), F_SETFD, FD_CLOEXEC) == -1)) { |
---|
| 47 | + log_err("error: can't set close-on-exec flag"); |
---|
| 48 | + exit(122); |
---|
| 49 | + } |
---|
| 50 | } |
---|
| 51 | |
---|
| 52 | /* |
---|