On Jun 27, 2007, at 1:52 PM, Joe Orton wrote:

Here's the updated (and simpler) version of my patch which uses
apr_proc_wait() to determine whether a pid is a valid child. Simplifies
the MPM logic a bit since the pid != 0 check is moved into
ap_mpm_safe_kill().

Tested for both prefork and worker (on Linux) to fix the vulnerability
using mod_scribble:


I might be missing this (just did a quick scan) but
what about ap_reclaim_child_processes/reclaim_one_pid()?
Here we "trust" the pid in the scoreboard and
send signals.
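
An added illustration of the check discussed in this thread, not the patch itself and not httpd code: a pid read from shared memory is signalled only if the caller can confirm it is one of its own live children. It uses POSIX waitpid() in place of apr_proc_wait(), and the name safe_kill(), the result codes and the rejection of all pids below 1 are assumptions made for this sketch.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum sk_result { SK_SIGNALLED, SK_ALREADY_EXITED, SK_REJECTED, SK_ERROR };

/* Hypothetical helper: send sig to pid only if pid is a live child of the
 * caller. Note that an exited child is reaped here as a side effect. */
static enum sk_result safe_kill(pid_t pid, int sig)
{
    int status;
    pid_t rv;

    /* kill() treats 0 and negative pids as process groups or "everyone". */
    if (pid < 1)
        return SK_REJECTED;

    do {
        rv = waitpid(pid, &status, WNOHANG);
    } while (rv == -1 && errno == EINTR);

    if (rv == 0)                 /* our child, still running */
        return kill(pid, sig) == 0 ? SK_SIGNALLED : SK_ERROR;
    if (rv == pid)               /* our child, already exited */
        return SK_ALREADY_EXITED;
    if (errno == ECHILD)         /* not a child of this process */
        return SK_REJECTED;
    return SK_ERROR;
}

int main(void)
{
    pid_t child = fork();        /* constructed sample child */
    if (child < 0)
        return 1;
    if (child == 0) {
        pause();
        _exit(0);
    }
    printf("own child:  %d\n", safe_kill(child, SIGTERM));
    printf("pid 0:      %d\n", safe_kill(0, SIGTERM));
    printf("our parent: %d\n", safe_kill(getppid(), SIGTERM));
    waitpid(child, NULL, 0);     /* collect the terminated child */
    return 0;
}
```

Any other code path that reads a pid from the same shared record and signals it directly bypasses this check, which is the concern raised in the reply above.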
