Hi,

As the DefaultInitEnv directive can be set per VirtualHost, two virtualhosts with the same SuexecUserGroup user and group can end up using the same FastCGI process even if they have different DefaultInitEnv values (e.g. RAILS_ENV, PHPRC variables). This is very confusing, because we have no way to isolate the two (or more) virtualhosts. r->server->server_hostname matches the ServerName directive, which must be unique in the server configuration in order to work properly (two virtualhosts can't have the same ServerName). We use r->server->server_hostname here instead of ap_get_server_name, because the latter returns the canonical name, which is not always the same as ServerName (think of ServerAlias *.domain.com, with infinitely many possible names), and could lead to a DoS.

Gabriel
From: Gabriel Barazer <[EMAIL PROTECTED]>

When setting multiple virtual hosts with the same SuexecUserGroup 
user and group, the process manager use the same process pool for both
virtual hosts. This means if one virtual host has a DefaultInitEnv and the other
has different values set, a fastcgi request from any of these virtual host can
go to the same processes, which is inconsistent (a request from virtualhost a 
with
DefaultInitEnv VAL "a", can go to a process spawned with virtualhost b with
DefaultInitEnv VAL "b" set).

Signed-off-by: Gabriel Barazer <[EMAIL PROTECTED]>
---

Index: fcgid_bridge.c
===================================================================
RCS file: /cvsroot/mod-fcgid/mod_fcgid/fcgid_bridge.c,v
retrieving revision 1.35
diff -u -r1.35 fcgid_bridge.c
--- fcgid_bridge.c      11 Jul 2007 07:49:38 -0000      1.35
+++ fcgid_bridge.c      11 Aug 2007 18:19:55 -0000
@@ -34,6 +34,7 @@
        uid_t uid = command->uid;
        gid_t gid = command->gid;
        apr_size_t share_grp_id = command->share_grp_id;
+       char *virtualhost = command->virtualhost;
 
        proc_table = proctable_get_table_array();
        previous_node = proctable_get_idle_list();
@@ -47,6 +48,7 @@
                if (current_node->inode == inode
                        && current_node->deviceid == deviceid
                        && current_node->share_grp_id == share_grp_id
+                       && current_node->virtualhost == virtualhost
                        && current_node->uid == uid && current_node->gid == 
gid) {
                        /* Unlink from idle list */
                        previous_node->next_index = current_node->next_index;
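Review bot: The added condition `current_node->virtualhost == virtualhost` compares two `char *` values by address, so two entries match only when they hold the very same pointer, not when the host names are equal. That holds only while every process stores the identical `server_hostname` pointer for a given virtual host; if the string is ever copied, or the configuration is re-read at a different address, lookups either miss (extra processes are spawned until the table fills) or a reused address matches a different virtual host and the DefaultInitEnv separation this patch is meant to provide is lost. Comparing contents, e.g. `&& strcmp(current_node->virtualhost, virtualhost) == 0` over a string the node owns, or keying on a small integer id per virtual host, would make the match explicit. The same comparison is repeated in the next hunk of this file and in the three lookup hunks of fcgid_spawn_ctl.c; the enclosing functions start and end outside the hunks.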
@@ -124,6 +126,7 @@
                if (current_node->inode == command->inode
                        && current_node->deviceid == command->deviceid
                        && current_node->share_grp_id == command->share_grp_id
+                       && current_node->virtualhost == command->virtualhost
                        && current_node->uid == command->uid
                        && current_node->gid == command->gid) {
                        result++;
Index: fcgid_pm.h
===================================================================
RCS file: /cvsroot/mod-fcgid/mod_fcgid/fcgid_pm.h,v
retrieving revision 1.12
diff -u -r1.12 fcgid_pm.h
--- fcgid_pm.h  12 Nov 2005 14:54:48 -0000      1.12
+++ fcgid_pm.h  11 Aug 2007 18:19:55 -0000
@@ -11,6 +11,7 @@
        apr_ino_t inode;
        dev_t deviceid;
        apr_size_t share_grp_id;
+       char *virtualhost;      /* Virtualhost granularity */
        uid_t uid;                                      /* For suEXEC */
        gid_t gid;                                      /* For suEXEC */
        int userdir;                            /* For suEXEC */
Index: fcgid_pm_main.c
===================================================================
RCS file: /cvsroot/mod-fcgid/mod_fcgid/fcgid_pm_main.c,v
retrieving revision 1.16
diff -u -r1.16 fcgid_pm_main.c
--- fcgid_pm_main.c     12 Jan 2007 06:55:44 -0000      1.16
+++ fcgid_pm_main.c     11 Aug 2007 18:19:56 -0000
@@ -386,7 +386,7 @@
        if (free_list_header->next_index == 0) {
                safe_unlock(main_server);
                ap_log_error(APLOG_MARK, APLOG_WARNING, 0, main_server,
-                                        "mod_fcgid: too much proecess, please 
increase FCGID_MAX_APPLICATION");
+                                        "mod_fcgid: too much processes, please 
increase FCGID_MAX_APPLICATION");
                return;
        }
        procnode = &proctable_array[free_list_header->next_index];
@@ -398,12 +398,14 @@
        procnode->deviceid = command->deviceid;
        procnode->inode = command->inode;
        procnode->share_grp_id = command->share_grp_id;
+       procnode->virtualhost = command->virtualhost;
        procnode->uid = command->uid;
        procnode->gid = command->gid;
        procnode->start_time = procnode->last_active_time = apr_time_now();
        procnode->requests_handled = 0;
        procnode->diewhy = FCGID_DIE_KILLSELF;
        procnode->proc_pool = NULL;
+
        procinfo.cgipath = command->cgipath;
        procinfo.configpool = configpool;
        procinfo.main_server = main_server;
@@ -447,8 +449,8 @@
                link_node_to_list(main_server, idle_list_header,
                                                  procnode, proctable_array);
                ap_log_error(APLOG_MARK, APLOG_INFO, 0, main_server,
-                                        "mod_fcgid: server %s(%" APR_PID_T_FMT 
") started",
-                                        command->cgipath, 
procnode->proc_id->pid);
+                                        "mod_fcgid: server %s:%s(%" 
APR_PID_T_FMT ") started",
+                                        command->virtualhost, 
command->cgipath, procnode->proc_id->pid);
                register_spawn(main_server, procnode);
        }
 }
Index: fcgid_proctbl.h
===================================================================
RCS file: /cvsroot/mod-fcgid/mod_fcgid/fcgid_proctbl.h,v
retrieving revision 1.12
diff -u -r1.12 fcgid_proctbl.h
--- fcgid_proctbl.h     6 Sep 2006 15:03:39 -0000       1.12
+++ fcgid_proctbl.h     11 Aug 2007 18:19:56 -0000
@@ -28,6 +28,7 @@
        gid_t gid;                                      /* for suEXEC */
        uid_t uid;                                      /* for suEXEC */
        apr_size_t share_grp_id;        /* cgi wrapper share group id */
+       char *virtualhost;              /* the virtualhost this process belongs 
to */
        apr_time_t start_time;          /* the time of this process create */
        apr_time_t last_active_time;    /* the time this process last active */
        int requests_handled;           /* number of requests process has 
handled */
Index: fcgid_spawn_ctl.c
===================================================================
RCS file: /cvsroot/mod-fcgid/mod_fcgid/fcgid_spawn_ctl.c,v
retrieving revision 1.14
diff -u -r1.14 fcgid_spawn_ctl.c
--- fcgid_spawn_ctl.c   11 Jul 2007 07:49:38 -0000      1.14
+++ fcgid_spawn_ctl.c   11 Aug 2007 18:19:56 -0000
@@ -9,6 +9,7 @@
        uid_t uid;
        gid_t gid;
        apr_size_t share_grp_id;
+       char *virtualhost;
        int score;
        int process_counter;
        apr_time_t last_stat_time;
@@ -42,6 +43,7 @@
                if (current_node->inode == procnode->inode
                        && current_node->deviceid == procnode->deviceid
                        && current_node->share_grp_id == procnode->share_grp_id
+                       && current_node->virtualhost == procnode->virtualhost
                        && current_node->uid == procnode->uid
                        && current_node->gid == procnode->gid)
                        break;
@@ -81,6 +83,7 @@
                current_node->deviceid = procnode->deviceid;
                current_node->inode = procnode->inode;
                current_node->share_grp_id = procnode->share_grp_id;
+               current_node->virtualhost = procnode->virtualhost;
                current_node->uid = procnode->uid;
                current_node->gid = procnode->gid;
                current_node->last_stat_time = apr_time_now();
@@ -152,6 +155,7 @@
                if (current_node->inode == command->inode
                        && current_node->deviceid == command->deviceid
                        && current_node->share_grp_id == command->share_grp_id
+                       && current_node->virtualhost == command->virtualhost
                        && current_node->uid == command->uid
                        && current_node->gid == command->gid)
                        break;
@@ -218,6 +222,7 @@
                if (current_node->inode == procnode->inode
                        && current_node->deviceid == procnode->deviceid
                        && current_node->share_grp_id == procnode->share_grp_id
+                       && current_node->virtualhost == procnode->virtualhost
                        && current_node->uid == procnode->uid
                        && current_node->gid == procnode->gid)
                        break;
Index: arch/unix/fcgid_pm_unix.c
===================================================================
RCS file: /cvsroot/mod-fcgid/mod_fcgid/arch/unix/fcgid_pm_unix.c,v
retrieving revision 1.19
diff -u -r1.19 fcgid_pm_unix.c
--- arch/unix/fcgid_pm_unix.c   24 Feb 2007 07:10:22 -0000      1.19
+++ arch/unix/fcgid_pm_unix.c   11 Aug 2007 18:19:56 -0000
@@ -386,6 +386,7 @@
        command->deviceid = deviceid;
        command->inode = inode;
        command->share_grp_id = share_grp_id;
+       command->virtualhost = r->server->server_hostname;
 
        /* Update fcgid_command with wrapper info */
        command->wrapperpath[0] = '\0';
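Review bot: `command->virtualhost = r->server->server_hostname;` stores a pointer that belongs to the request's server record, and the other hunks copy that pointer into the process-table node and the spawn-statistics node, where it outlives the request. Nothing in the patch states who owns the string or how long it stays valid, and the `wrapperpath` buffer filled just below suggests the command otherwise carries its strings inline; if the command is handed to a separate process-manager process (which the file name implies but the hunk does not show), the pointer is only meaningful there when both processes map the configuration at the same address. I would either copy the name into a fixed-size member with a bounded, NUL-terminated copy, or at minimum declare the fields `const char *virtualhost;` and add a comment such as `/* borrowed from server_rec->server_hostname; never freed, compared by address */`. The function body continues outside the hunk.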
Index: arch/unix/fcgid_proctbl_unix.c
===================================================================
RCS file: /cvsroot/mod-fcgid/mod_fcgid/arch/unix/fcgid_proctbl_unix.c,v
retrieving revision 1.8
diff -u -r1.8 fcgid_proctbl_unix.c
--- arch/unix/fcgid_proctbl_unix.c      27 Feb 2007 16:33:28 -0000      1.8
+++ arch/unix/fcgid_proctbl_unix.c      11 Aug 2007 18:19:56 -0000
@@ -279,7 +279,7 @@
                 current_node != g_proc_array;
                 current_node = &g_proc_array[current_node->next_index]) {
                ap_log_error(APLOG_MARK, APLOG_WARNING, 0, main_server,
-                                        "mod_fcgid: idle node index: %td",
+                                        "mod_fcgid: idle node index: %d",
                                         current_node - g_proc_array);
        }
 
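Review bot: Switching the format from `%td` to `%d` leaves the argument `current_node - g_proc_array` as a pointer difference (`ptrdiff_t`), which is wider than `int` on 64-bit platforms, so the format and the variadic argument no longer agree. If `%td` had to go because the logging formatter does not accept it (not visible here), the argument should be narrowed to match: `(int)(current_node - g_proc_array)`. The same change is needed in the busy-node and error-node hunks below. This change is also unrelated to the virtual-host separation described in the commit message and would be easier to review as its own patch.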
@@ -287,7 +287,7 @@
                 current_node != g_proc_array;
                 current_node = &g_proc_array[current_node->next_index]) {
                ap_log_error(APLOG_MARK, APLOG_WARNING, 0, main_server,
-                                        "mod_fcgid: busy node index: %td",
+                                        "mod_fcgid: busy node index: %d",
                                         current_node - g_proc_array);
        }
 
@@ -295,7 +295,7 @@
                 current_node != g_proc_array;
                 current_node = &g_proc_array[current_node->next_index]) {
                ap_log_error(APLOG_MARK, APLOG_WARNING, 0, main_server,
-                                        "mod_fcgid: error node index: %td",
+                                        "mod_fcgid: error node index: %d",
                                         current_node - g_proc_array);
        }
 }