Re: mod_cgid, unix socket, ScriptSock directive

2004-11-23 Thread Jeff Trawick
On Tue, 23 Nov 2004 12:18:11 -0500, Bill Stoddard <[EMAIL PROTECTED]> wrote:
> Jeff Trawick wrote:
> 
> 
> 
> > On Sat, 20 Nov 2004 12:11:34 -0500, Jeff Trawick <[EMAIL PROTECTED]> wrote:
> >
> >>The ScriptSock directive must be used when there are two instances of
> >>the server with same ServerRoot.  If it is omitted, symptoms may
> >>include
> >>
> >>. wrong credentials for CGIs
> >>. CGIs stop working for one server when other server is terminated
> >>
> >>It should be easy to avoid this configuration requirement by appending
> >>parent pid to the name of the unix socket which is used *when user
> >>didn't specify ScriptSock*, though there is slight migration concern
> >>in case administrator relies on name of unix socket for other reason
> >>(e.g., to use its existence as knowledge that mod_cgid is ready for
> >>business).
> >>
> >>It should be easy to catch such a misconfiguration by adding the
> >>parent pid to the CGI request sent over the Unix socket, and fail the
> >>request (and log appropriate message) if parent pid is wrong.
> >
> >
> > code to check for the misconfiguration is small and is expected to be
> > fool-proof (independent of what the user does); also, no way the
> > change can result in stale unix sockets left around, unlike sticking
> > the pid in the filename
> >
> > see patch in attachment
> 
> Definitely +1 in concept. This will save someone a -lot- of time if they 
> don't have a clue why their CGIs are
> failing and this is the problem.

I'm disappointed that configuration will still be required, but
mod_cgid shouldn't be trying to solve a configuration issue like
that automatically when we're still left with LockFile and PidFile and
logs and mutexes which have the same issue.  (A more global approach
could be useful however.)


Re: mod_cgid, unix socket, ScriptSock directive

2004-11-23 Thread Bill Stoddard
Jeff Trawick wrote:
> On Sat, 20 Nov 2004 12:11:34 -0500, Jeff Trawick <[EMAIL PROTECTED]> wrote:
>
>> The ScriptSock directive must be used when there are two instances of
>> the server with same ServerRoot.  If it is omitted, symptoms may
>> include
>>
>> . wrong credentials for CGIs
>> . CGIs stop working for one server when other server is terminated
>>
>> It should be easy to avoid this configuration requirement by appending
>> parent pid to the name of the unix socket which is used *when user
>> didn't specify ScriptSock*, though there is slight migration concern
>> in case administrator relies on name of unix socket for other reason
>> (e.g., to use its existence as knowledge that mod_cgid is ready for
>> business).
>>
>> It should be easy to catch such a misconfiguration by adding the
>> parent pid to the CGI request sent over the Unix socket, and fail the
>> request (and log appropriate message) if parent pid is wrong.
>
> code to check for the misconfiguration is small and is expected to be
> fool-proof (independent of what the user does); also, no way the
> change can result in stale unix sockets left around, unlike sticking
> the pid in the filename
>
> see patch in attachment

Definitely +1 in concept. This will save someone a -lot- of time if they don't have a clue why their CGIs are
failing and this is the problem.

Bill


Re: mod_cgid, unix socket, ScriptSock directive

2004-11-22 Thread André Malo
* Jeff Trawick <[EMAIL PROTECTED]> wrote:

> code to check for the misconfiguration is small and is expected to be
> fool-proof (independent of what the user does); also, no way the
> change can result in stale unix sockets left around, unlike sticking
> the pid in the filename
> 
> see patch in attachment

+1.

nd
-- 
Winnetous Erbe: 


Re: mod_cgid, unix socket, ScriptSock directive

2004-11-22 Thread Jeff Trawick
On Sat, 20 Nov 2004 12:11:34 -0500, Jeff Trawick <[EMAIL PROTECTED]> wrote:
> The ScriptSock directive must be used when there are two instances of
> the server with same ServerRoot.  If it is omitted, symptoms may
> include
> 
> . wrong credentials for CGIs
> . CGIs stop working for one server when other server is terminated
> 
> It should be easy to avoid this configuration requirement by appending
> parent pid to the name of the unix socket which is used *when user
> didn't specify ScriptSock*, though there is slight migration concern
> in case administrator relies on name of unix socket for other reason
> (e.g., to use its existence as knowledge that mod_cgid is ready for
> business).
> 
> It should be easy to catch such a misconfiguration by adding the
> parent pid to the CGI request sent over the Unix socket, and fail the
> request (and log appropriate message) if parent pid is wrong.

code to check for the misconfiguration is small and is expected to be
fool-proof (independent of what the user does); also, no way the
change can result in stale unix sockets left around, unlike sticking
the pid in the filename

see patch in attachment
Index: modules/generators/mod_cgid.c
===
--- modules/generators/mod_cgid.c   (revision 106178)
+++ modules/generators/mod_cgid.c   (working copy)
@@ -89,6 +89,7 @@
 static server_rec *root_server = NULL;
 static apr_pool_t *root_pool = NULL;
 static const char *sockname;
+static pid_t parent_pid;
 
 /* Read and discard the data in the brigade produced by a CGI script */
 static void discard_script_output(apr_bucket_brigade *bb);
@@ -153,6 +154,9 @@
 * to find the script pid when it is time for that
 * process to be cleaned up
 */
+pid_t ppid;/* sanity check for config problems leading to
+* wrong cgid socket use
+*/
 int core_module_index;
 int have_suexec;
 int suexec_module_index;
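Review bot: The comment on the new `ppid` field says why the field exists but not whose pid it carries. Since the other hunks fill it from `parent_pid`, which is set with `getpid()` in the init path, the comment should state that it is the pid of the sending instance's parent process, so a reader does not take it for the pid of the requesting child or of the script.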
@@ -439,6 +443,7 @@
 apr_status_t stat;
 
 req.req_type = req_type;
+req.ppid = parent_pid;
 req.conn_id = r->connection->id;
 req.core_module_index = core_module.module_index;
 if (suexec_mod) {
@@ -667,6 +672,14 @@
 continue;
 }
 
+if (cgid_req.ppid != parent_pid) {
+ap_log_error(APLOG_MARK, APLOG_CRIT, 0, main_server,
+ "CGI request received from wrong server instance; "
+ "see ScriptSock directive");
+close(sd2);
+continue;
+}
+
 if (cgid_req.req_type == GETPID_REQ) {
 pid_t pid;
 
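Review bot: The `cgid_req.ppid != parent_pid` test compares a value the sender filled in itself, so it catches two instances sharing a socket by mistake but does not authenticate the peer; a comment saying so would keep anyone from treating it as an access control later. The log message would also be more useful with both `cgid_req.ppid` and `parent_pid` in it, since the administrator has to work out which other instance sent the request. Finally, the branch only does `close(sd2)` before `continue`, so the requesting side gets no reply; confirm that the sender turns that into a clear error rather than a hang or a generic failure.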
@@ -839,6 +852,7 @@
 for (m = ap_preloaded_modules; *m != NULL; m++)
 total_modules++;
 
+parent_pid = getpid();
 sockname = ap_server_root_relative(p, sockname);
 ret = cgid_start(p, main_server, procnew);
 if (ret != OK ) {
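Review bot: `parent_pid = getpid();` sits directly above `cgid_start(p, main_server, procnew)` with no comment on why the order matters. If both the daemon and the request-sending processes rely on inheriting this static from the process that runs this function, say so here; moving the assignment below `cgid_start`, or into a path that runs in a different process, could make valid requests fail the new check.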


mod_cgid, unix socket, ScriptSock directive

2004-11-20 Thread Jeff Trawick
The ScriptSock directive must be used when there are two instances of
the server with same ServerRoot.  If it is omitted, symptoms may
include

. wrong credentials for CGIs
. CGIs stop working for one server when other server is terminated

It should be easy to avoid this configuration requirement by appending
parent pid to the name of the unix socket which is used *when user
didn't specify ScriptSock*, though there is slight migration concern
in case administrator relies on name of unix socket for other reason
(e.g., to use its existence as knowledge that mod_cgid is ready for
business).

It should be easy to catch such a misconfiguration by adding the
parent pid to the CGI request sent over the Unix socket, and fail the
request (and log appropriate message) if parent pid is wrong.

Any concerns with adding parent pid to name of the unix socket used by
mod_cgid?  If the default unix socket name is changed, then chance of
misconfiguration goes way down, so there is not much benefit to adding
the server-instance check as part of every CGI request.
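Added illustration, not code from this thread or from httpd: the stale-socket concern raised against putting the parent pid in the socket filename, shown with real Unix socket files. It assumes the daemon unlinks and rebinds its own socket path at start-up; the directory, file names and pids 1000, 1001, ... are constructed.

```c
/* Added illustration, not httpd code; paths and pids are constructed. */
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

/* Bind a Unix socket at path, first removing a leftover file of the
 * same name (assumed daemon start-up behaviour). Returns fd or -1. */
static int bind_unix(const char *path)
{
    struct sockaddr_un sa;
    int fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    memset(&sa, 0, sizeof sa);
    sa.sun_family = AF_UNIX;
    strncpy(sa.sun_path, path, sizeof sa.sun_path - 1);
    unlink(path);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) != 0) { close(fd); return -1; }
    return fd;
}

/* Simulate up to 8 server starts that each exit without unlinking the
 * socket, then count (and remove) the socket files left behind. */
static int leftover_sockets(int pid_in_name, int starts)
{
    char dir[64], path[8][128];
    int i, fd, count = 0;
    if (starts > 8) return -1;
    snprintf(dir, sizeof dir, "/tmp/cgisock-demo-%ld", (long)getpid());
    if (mkdir(dir, 0700) != 0) return -1;
    for (i = 0; i < starts; i++) {
        if (pid_in_name) snprintf(path[i], sizeof path[i], "%s/cgisock.%d", dir, 1000 + i);
        else snprintf(path[i], sizeof path[i], "%s/cgisock", dir);
        if ((fd = bind_unix(path[i])) < 0) return -1;
        close(fd);                      /* unclean exit: the file stays */
    }
    for (i = 0; i < starts; i++)
        if (unlink(path[i]) == 0) count++;
    rmdir(dir);
    return count;
}

int main(void)
{
    printf("pid in name: %d left\n", leftover_sockets(1, 3));
    printf("fixed name:  %d left\n", leftover_sockets(0, 3));
    return 0;
}
```

With a fixed name each start replaces the previous file, so one file remains; with the pid in the name every unclean exit leaves another file that no later start will remove.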