From sgunderson at bigfoot.com  Sun Apr  1 15:29:35 2012
From: sgunderson at bigfoot.com (Steinar H. Gunderson)
Date: Sun, 1 Apr 2012 15:29:35 +0200
Subject: [mpm-itk] Second prerelease of mpm-itk for Apache 2.4
Message-ID: <20120401132935.GA7571@uio.no>

Hi,

I've released the second prerelease version of mpm-itk for Apache 2.4,
following a review from Stefan Fritsch (Cc-ed):

  http://mpm-itk.sesse.net/apache2.4-mpm-itk-2.4.1-pre01/

Most changes are minor, but it seems AssignUserID could be used in .htaccess,
which is probably not what you want. So if you are among the brave souls
running 2.4.1-pre00, you definitely ought to upgrade.

/* Steinar */
-- 
Homepage: http://www.sesse.net/



From sgunderson at bigfoot.com  Sun Apr  1 16:04:07 2012
From: sgunderson at bigfoot.com (Steinar H. Gunderson)
Date: Sun, 1 Apr 2012 16:04:07 +0200
Subject: [mpm-itk] Malicious scripts holding apache port
In-Reply-To: <20120326150540.GB2366@uio.no>
References: <CANEdxPG_R179GF3DZWE0v8dL3Ov5mmLNBpEWZXU-8aEWDUNDAA@mail.gmail.com>
	<20120319145102.62DB8806@pobox.sk>
	<CANEdxPEYCQOwOc09DrRPiM93Xtb2o=3LRvKnFyJGwPXr57Evag@mail.gmail.com>
	<20120326150540.GB2366@uio.no>
Message-ID: <20120401140407.GC7571@uio.no>

On Mon, Mar 26, 2012 at 05:05:40PM +0200, Steinar H. Gunderson wrote:
> It _could_ be some issue with the extra fork() we are doing in mpm-itk;
> I haven't looked at the shutdown logic lately, but maybe we're unable to
> force-kill hanging instances of these sub-children if they refuse to respond
> to SIGTERM.

You could give this patch a try:

--- httpd-2.4.1.orig/server/config.c
+++ httpd-2.4.1/server/config.c
@@ -754,6 +756,7 @@ static void child_main(int child_num_arg
                 ap_log_error(APLOG_MARK, APLOG_ERR, errno, NULL, "fork: Unable to fork new process");
                 break;
             case 0: /* child */
+                ap_close_listeners();
                 current_conn = ap_run_create_connection(ptrans, ap_server_conf, csd, my_child_num, sbh, bucket_alloc);
                 if (current_conn) {

Even if it's against 2.4, it should apply against 2.2 as well.
It makes sure we drop the listening sockets in the children.

This still won't fix the problem that we could don't properly
kill the child pid if it's gone rogue, but it should at least
allow the server to restart again.

/* Steinar */
-- 
Homepage: http://www.sesse.net/



From guilherme.e at gmail.com  Wed Apr  4 16:29:42 2012
From: guilherme.e at gmail.com (Guilherme)
Date: Wed, 4 Apr 2012 07:29:42 -0700
Subject: [mpm-itk] Malicious scripts holding apache port
In-Reply-To: <20120401140407.GC7571@uio.no>
References: <CANEdxPG_R179GF3DZWE0v8dL3Ov5mmLNBpEWZXU-8aEWDUNDAA@mail.gmail.com>
	<20120319145102.62DB8806@pobox.sk>
	<CANEdxPEYCQOwOc09DrRPiM93Xtb2o=3LRvKnFyJGwPXr57Evag@mail.gmail.com>
	<20120326150540.GB2366@uio.no> <20120401140407.GC7571@uio.no>
Message-ID: <CANEdxPFULmjfFs+=LZT-XW8XzNUH=HyGx5_9h5edZ181k54vsQ@mail.gmail.com>

Steinar,

The patch didn't work in apache 2.2 mainly because server/config.c doesn't
have any reference to child_main function.

This one worked and fixed the problem.

--- httpd-2.2.17.orig/server/mpm/experimental/itk/itk.c    2012-04-04
09:53:36.000000000 -0300
+++ httpd-2.2.17/server/mpm/experimental/itk/itk.c    2012-04-04
09:54:48.000000000 -0300
@@ -720,6 +720,7 @@
                 ap_log_error(APLOG_MARK, APLOG_ERR, errno, NULL, "fork:
Unable to fork new process");
                 break;
             case 0: /* child */
+        ap_close_listeners();
                 apr_proc_mutex_child_init(&accept_mutex, ap_lock_fname,
pchild);
                 current_conn = ap_run_create_connection(ptrans,
ap_server_conf, csd, my_child_num, sbh, bucket_alloc);
                 if (current_conn) {


Thank you for the attention!

Best regards,

Guilherme

On Sun, Apr 1, 2012 at 7:04 AM, Steinar H. Gunderson <sgunderson at bigfoot.com
> wrote:

> On Mon, Mar 26, 2012 at 05:05:40PM +0200, Steinar H. Gunderson wrote:
> > It _could_ be some issue with the extra fork() we are doing in mpm-itk;
> > I haven't looked at the shutdown logic lately, but maybe we're unable to
> > force-kill hanging instances of these sub-children if they refuse to
> respond
> > to SIGTERM.
>
> You could give this patch a try:
>
> --- httpd-2.4.1.orig/server/config.c
> +++ httpd-2.4.1/server/config.c
> @@ -754,6 +756,7 @@ static void child_main(int child_num_arg
>                 ap_log_error(APLOG_MARK, APLOG_ERR, errno, NULL, "fork:
> Unable to fork new process");
>                 break;
>             case 0: /* child */
> +                ap_close_listeners();
>                 current_conn = ap_run_create_connection(ptrans,
> ap_server_conf, csd, my_child_num, sbh, bucket_alloc);
>                 if (current_conn) {
>
> Even if it's against 2.4, it should apply against 2.2 as well.
> It makes sure we drop the listening sockets in the children.
>
> This still won't fix the problem that we could don't properly
> kill the child pid if it's gone rogue, but it should at least
> allow the server to restart again.
>
> /* Steinar */
> --
> Homepage: http://www.sesse.net/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.err.no/pipermail/mpm-itk/attachments/20120404/f47c8473/attachment.htm>

From sgunderson at bigfoot.com  Wed Apr  4 16:32:20 2012
From: sgunderson at bigfoot.com (Steinar H. Gunderson)
Date: Wed, 4 Apr 2012 16:32:20 +0200
Subject: [mpm-itk] Malicious scripts holding apache port
In-Reply-To: <CANEdxPFULmjfFs+=LZT-XW8XzNUH=HyGx5_9h5edZ181k54vsQ@mail.gmail.com>
References: <CANEdxPG_R179GF3DZWE0v8dL3Ov5mmLNBpEWZXU-8aEWDUNDAA@mail.gmail.com>
	<20120319145102.62DB8806@pobox.sk>
	<CANEdxPEYCQOwOc09DrRPiM93Xtb2o=3LRvKnFyJGwPXr57Evag@mail.gmail.com>
	<20120326150540.GB2366@uio.no> <20120401140407.GC7571@uio.no>
	<CANEdxPFULmjfFs+=LZT-XW8XzNUH=HyGx5_9h5edZ181k54vsQ@mail.gmail.com>
Message-ID: <20120404143220.GA22517@uio.no>

On Wed, Apr 04, 2012 at 07:29:42AM -0700, Guilherme wrote:
> This one worked and fixed the problem.

Thanks; I'll get it into the next release.

/* Steinar */
-- 
Homepage: http://www.sesse.net/



From sf at sfritsch.de  Mon Apr 16 20:49:47 2012
From: sf at sfritsch.de (Stefan Fritsch)
Date: Mon, 16 Apr 2012 20:49:47 +0200
Subject: [mpm-itk] Second prerelease of mpm-itk for Apache 2.4
In-Reply-To: <20120401132935.GA7571@uio.no>
References: <20120401132935.GA7571@uio.no>
Message-ID: <201204162049.47693.sf@sfritsch.de>

On Sunday 01 April 2012, Steinar H. Gunderson wrote:
> I've released the second prerelease version of mpm-itk for Apache
> 2.4, following a review from Stefan Fritsch (Cc-ed):
> 
>   http://mpm-itk.sesse.net/apache2.4-mpm-itk-2.4.1-pre01/

this is now included in the apache2 packages version 2.4.2-1 in Debian 
experimental. Testers welcome.

Cheers,
Stefan



From alex.hha at gmail.com  Tue Apr 17 21:44:34 2012
From: alex.hha at gmail.com (Alex Domoradov)
Date: Tue, 17 Apr 2012 22:44:34 +0300
Subject: [mpm-itk] Can't change umask
Message-ID: <CAK90gp5P_ZOxGBX3q+mEgFBUEx_BuBA_VgJLqr9SZn5W2+Ycfw@mail.gmail.com>

I have CentOS-6.2 box with installed httpd-2.2.22 and mpm-itk. How can
I define umask for all httpd forks with mpm-itk? I have tried to add
umask=007 to /etc/sysconfig/httpd, but with no success.

I have created a simple php script with the following content
<?php
   touch ("temp.txt");
?>

But after executing this script the file temp.txt have been created
with mask 644. Did I miss something?



From forum at hubbitus.com.ru  Sun Apr 22 13:30:09 2012
From: forum at hubbitus.com.ru (Pavel Alexeev)
Date: Sun, 22 Apr 2012 15:30:09 +0400
Subject: [mpm-itk] Httpd-itk now in Fedora
Message-ID: <4F93EBC1.7080503@hubbitus.info>

Hello all.

On official site http://mpm-itk.sesse.net/ present list of distribution 
including ITK mpm and call say if it included in favorite distribution 
not listed there.

I glad announce what I finally add it in Fedora it goes to stable and 
became available for users from standard repositories.
https://bugzilla.redhat.com/show_bug.cgi?id=598860


-- 
With best wishes, Pavel Alexeev (aka Pahan-Hubbitus). For fast contact 
with me use jabber: Hubbitus at jabber.ru
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.err.no/pipermail/mpm-itk/attachments/20120422/9fd8cd36/attachment.htm>

From sgunderson at bigfoot.com  Sun Apr 22 14:07:00 2012
From: sgunderson at bigfoot.com (Steinar H. Gunderson)
Date: Sun, 22 Apr 2012 14:07:00 +0200
Subject: [mpm-itk] Httpd-itk now in Fedora
In-Reply-To: <4F93EBC1.7080503@hubbitus.info>
References: <4F93EBC1.7080503@hubbitus.info>
Message-ID: <20120422120700.GA25979@uio.no>

On Sun, Apr 22, 2012 at 03:30:09PM +0400, Pavel Alexeev wrote:
> On official site http://mpm-itk.sesse.net/ present list of
> distribution including ITK mpm and call say if it included in
> favorite distribution not listed there.
> 
> I glad announce what I finally add it in Fedora it goes to stable
> and became available for users from standard repositories.
> https://bugzilla.redhat.com/show_bug.cgi?id=598860

Hi,

This is great news :-) I've added a link.

/* Steinar */
-- 
Homepage: http://www.sesse.net/



From forum at hubbitus.com.ru  Tue Apr 24 13:14:06 2012
From: forum at hubbitus.com.ru (Pavel Alexeev)
Date: Tue, 24 Apr 2012 15:14:06 +0400
Subject: [mpm-itk] Httpd-itk now in Fedora
In-Reply-To: <20120422120700.GA25979@uio.no>
References: <4F93EBC1.7080503@hubbitus.info> <20120422120700.GA25979@uio.no>
Message-ID: <4F968AFE.60102@hubbitus.info>

22.04.2012 16:07, Steinar H. Gunderson wrote:
> On Sun, Apr 22, 2012 at 03:30:09PM +0400, Pavel Alexeev wrote:
>> On official site http://mpm-itk.sesse.net/ present list of
>> distribution including ITK mpm and call say if it included in
>> favorite distribution not listed there.
>>
>> I glad announce what I finally add it in Fedora it goes to stable
>> and became available for users from standard repositories.
>> https://bugzilla.redhat.com/show_bug.cgi?id=598860
> Hi,
>
> This is great news :-) I've added a link.
>
> /* Steinar */
Thank you.