On Thu, Jun 21, 2007 at 11:22:09PM +0200, Ruediger Pluem wrote:
> On 06/21/2007 06:51 PM, Joe Orton wrote:
> > Secondly: I think this approach is unnecessarily complex. I think it's
> > sufficient to simply check whether the target process is in the right
> > process group before sending a signal, i.e. getpgid(pid) == getpgrp().
> > This ensures that the parent will only kill things it created.
> >
> > It is reasonable to assume that the parent's process group holds exactly
> > the set of processes which is safe to kill - prefork relies on that
> > being so when handling SIGHUP already.
> >
> > Patch below is PoC.
>
> So I assume the patches for the other MPM's will follow.

AFAICT beos and mpmt_os2 don't have any kind of parent/child privilege
separation like the Unix MPMs - so the only one not covered by my patch
is event.

> BTW: Do we have getpgrp / getpgid on all these systems?

getpgrp() is used already. getpgid() not so - it dates from SVR4 so
support in BSDs is worth checking; from man pages it's in OpenBSD 2.2
(1997), NetBSD 1.3 (1998) and I can't tell when in FreeBSD. Looks like
some older vintage of BSD had a getpgrp() which was equivalent to
getpgid(), unlike the SVR4/POSIX getpgrp(), so that might give better
coverage too.

> > Index: server/mpm/prefork/prefork.c
> > ===================================================================
> > --- server/mpm/prefork/prefork.c (revision 549489)
> > +++ server/mpm/prefork/prefork.c (working copy)
>
> Maybe nitpicking, but I think you missed one kill at about line 310 in
> reap_children.

Ah, yeah; that function is never built since the buildsystem never
defines NEED_WAITPID, it should just be removed really.

joe
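
The check discussed in this message, getpgid(pid) == getpgrp() before kill(), as a stand-alone added example; it is not part of the original mail and not the httpd patch. The names kill_if_same_pgrp and demo are hypothetical, and the pid <= 0 guard is an assumption added here, not something the thread mentions.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper (not httpd code): send sig to pid only when pid is in
 * the caller's process group. Returns 0 on success, -1 with errno set. */
int kill_if_same_pgrp(pid_t pid, int sig)
{
    pid_t pgid;

    if (pid <= 0) {          /* kill(0), kill(-1), kill(-n) address whole   */
        errno = EINVAL;      /* groups, and getpgid(0) is the caller itself */
        return -1;
    }
    pgid = getpgid(pid);
    if (pgid == (pid_t)-1)
        return -1;           /* e.g. ESRCH: no such process */
    if (pgid != getpgrp()) {
        errno = EPERM;       /* not in our process group: refuse */
        return -1;
    }
    return kill(pid, sig);
}

/* Constructed demo: fork a sleeping child, optionally move it into its own
 * process group, then try the helper. Returns 1 if the helper sent SIGTERM,
 * 0 if it refused, -1 on setup failure. */
int demo(int own_group)
{
    int status, delivered;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0)
        for (;;) pause();    /* child: wait until signalled */
    if (own_group && setpgid(pid, pid) != 0)
        delivered = -1;
    else
        delivered = (kill_if_same_pgrp(pid, SIGTERM) == 0);
    kill(pid, SIGKILL);      /* demo cleanup only, bypasses the check */
    waitpid(pid, &status, 0);
    return delivered;
}

int main(void)
{
    printf("same group: %d, own group: %d\n", demo(0), demo(1));
    return 0;
}
```

The check and the kill() are separate system calls, so this narrows rather than closes the window in which a pid can be reused by an unrelated process.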