> I do believe this is the Chunk encoding exploit that showed up last week > on apache. Check http.apache.org for more information or go to the > securityfocus website for information. A number of patches or fixes > have already been released by various vendors.
I'm no expert here, but when logrotate executes /bin/kill -HUP `cat /var/run/httpd.pid 2>/dev/null` 2> /dev/null || true to restart Apache after rotating its logs (on my Red Hat 7.2 machine), I get plenty of this in my log as the child processes sluggishly die. I know this isn't the chunked encoding issue because a) I'm running 1.3.22-6, a RH-produced version with the chunked encoding security fix backported into it, and b) I can trigger my logrotate by hand and see the messages. The exact messages I get (obviously the pids will be different) are: [Thu Jun 27 15:27:48 2002] [warn] child process 2442 did not exit, sending another SIGHUP [Thu Jun 27 15:27:49 2002] [warn] child process 2443 did not exit, sending another SIGHUP [Thu Jun 27 15:27:49 2002] [warn] child process 2444 did not exit, sending another SIGHUP [Thu Jun 27 15:27:49 2002] [warn] child process 2445 did not exit, sending another SIGHUP [Thu Jun 27 15:27:49 2002] [warn] child process 2446 did not exit, sending another SIGHUP [Thu Jun 27 15:27:49 2002] [warn] child process 2447 did not exit, sending another SIGHUP [Thu Jun 27 15:27:49 2002] [warn] child process 2448 did not exit, sending another SIGHUP [Thu Jun 27 15:27:49 2002] [warn] child process 2449 did not exit, sending another SIGHUP [Thu Jun 27 15:27:49 2002] [notice] SIGHUP received. Attempting to restart [Thu Jun 27 15:27:50 2002] [notice] Apache/1.3.22 (Unix) (Red-Hat/Linux) configured -- resuming normal operations [Thu Jun 27 15:27:50 2002] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Thu Jun 27 15:27:50 2002] [notice] Accept mutex: sysvsem (Default: sysvsem) generated by me manually executing the logrotate. - Lyric
