| [1356] | 1 | From: Stefan Fritsch <sf@apache.org> | 
|---|
|  | 2 | Date: Sat, 3 Oct 2009 13:46:48 +0000 | 
|---|
|  | 3 | Subject: suexec: Allow to log an error if exec fails by setting FD_CLOEXEC on the log file instead of closing it. | 
|---|
|  | 4 |  | 
|---|
|  | 5 | PR: 10744 | 
|---|
|  | 6 | Submitted by: Nicolas Rachinsky | 
|---|
|  | 7 | Reviewed by: Stefan Fritsch | 
|---|
|  | 8 |  | 
|---|
|  | 9 | Origin: upstream, http://svn.apache.org/viewvc?rev=821321&view=rev | 
|---|
|  | 10 | Bug: https://issues.apache.org/bugzilla/show_bug.cgi?id=10744 | 
|---|
|  | 11 | --- | 
|---|
|  | 12 | support/suexec.c |   18 +++++++++--------- | 
|---|
|  | 13 | 1 files changed, 9 insertions(+), 9 deletions(-) | 
|---|
|  | 14 |  | 
|---|
|  | 15 | diff --git a/support/suexec.c b/support/suexec.c | 
|---|
|  | 16 | index cb4e85f..85e1318 100644 | 
|---|
|  | 17 | --- a/support/suexec.c | 
|---|
|  | 18 | +++ b/support/suexec.c | 
|---|
|  | 19 | @@ -49,6 +49,7 @@ | 
|---|
|  | 20 | #include <stdio.h> | 
|---|
|  | 21 | #include <stdarg.h> | 
|---|
|  | 22 | #include <stdlib.h> | 
|---|
|  | 23 | +#include <fcntl.h> | 
|---|
|  | 24 | #include <selinux/selinux.h> | 
|---|
|  | 25 |  | 
|---|
|  | 26 | #ifdef HAVE_PWD_H | 
|---|
|  | 27 | @@ -714,17 +715,16 @@ TRUSTED_DIRECTORY: | 
|---|
|  | 28 | #endif /* AP_SUEXEC_UMASK */ | 
|---|
|  | 29 |  | 
|---|
|  | 30 | /* | 
|---|
|  | 31 | -     * Be sure to close the log file so the CGI can't | 
|---|
|  | 32 | -     * mess with it.  If the exec fails, it will be reopened | 
|---|
|  | 33 | -     * automatically when log_err is called.  Note that the log | 
|---|
|  | 34 | -     * might not actually be open if AP_LOG_EXEC isn't defined. | 
|---|
|  | 35 | -     * However, the "log" cell isn't ifdef'd so let's be defensive | 
|---|
|  | 36 | -     * and assume someone might have done something with it | 
|---|
|  | 37 | -     * outside an ifdef'd AP_LOG_EXEC block. | 
|---|
|  | 38 | +     * ask fcntl(2) to set the FD_CLOEXEC flag on the log file, | 
|---|
|  | 39 | +     * so it'll be automagically closed if the exec() call succeeds. | 
|---|
|  | 40 | */ | 
|---|
|  | 41 | if (log != NULL) { | 
|---|
|  | 42 | -        fclose(log); | 
|---|
|  | 43 | -        log = NULL; | 
|---|
|  | 44 | +        fflush(log); | 
|---|
|  | 45 | +        setbuf(log,NULL); | 
|---|
|  | 46 | +        if ((fcntl(fileno(log), F_SETFD, FD_CLOEXEC) == -1)) { | 
|---|
|  | 47 | +            log_err("error: can't set close-on-exec flag"); | 
|---|
|  | 48 | +            exit(122); | 
|---|
|  | 49 | +        } | 
|---|
|  | 50 | } | 
|---|
|  | 51 |  | 
|---|
|  | 52 | /* | 
|---|