From: Stefan Fritsch <sf@apache.org>
Date: Sat, 3 Oct 2009 13:46:48 +0000 (+0000)
Subject: suexec: Allow to log an error if exec fails by setting FD_CLOEXEC
X-Git-Tag: 2.3.3~224
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=9adcc73504363d0ad26a006a48e37169f79b9b3c;p=apache

suexec: Allow to log an error if exec fails by setting FD_CLOEXEC
on the log file instead of closing it.

PR: 10744
Submitted by: Nicolas Rachinsky
Reviewed by: Stefan Fritsch


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@821321 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index 39770e95b5..653af892d7 100644
--- a/CHANGES
+++ b/CHANGES
@@ -10,6 +10,9 @@ Changes with Apache 2.3.3
      mod_proxy_ftp: NULL pointer dereference on error paths.
      [Stefan Fritsch <sf fritsch.de>, Joe Orton]
 
+  *) suxec: Allow to log an error if exec fails by setting FD_CLOEXEC
+     on the log file instead of closing it. PR 10744. [Nicolas Rachinsky]
+
   *) mod_mime: Make RemoveType override the info from TypesConfig.
      PR 38330. [Stefan Fritsch]
 
diff --git a/support/suexec.c b/support/suexec.c
index a6a82b5ec2..1ef4e0928f 100644
--- a/support/suexec.c
+++ b/support/suexec.c
@@ -46,6 +46,7 @@
 #include <stdio.h>
 #include <stdarg.h>
 #include <stdlib.h>
+#include <fcntl.h>
 
 #ifdef HAVE_PWD_H
 #include <pwd.h>
@@ -575,17 +576,16 @@ int main(int argc, char *argv[])
 #endif /* AP_SUEXEC_UMASK */
 
     /*
-     * Be sure to close the log file so the CGI can't
-     * mess with it.  If the exec fails, it will be reopened
-     * automatically when log_err is called.  Note that the log
-     * might not actually be open if AP_LOG_EXEC isn't defined.
-     * However, the "log" cell isn't ifdef'd so let's be defensive
-     * and assume someone might have done something with it
-     * outside an ifdef'd AP_LOG_EXEC block.
+     * ask fcntl(2) to set the FD_CLOEXEC flag on the log file,
+     * so it'll be automagically closed if the exec() call succeeds.
      */
     if (log != NULL) {
-        fclose(log);
-        log = NULL;
+        fflush(log);
+        setbuf(log,NULL);
+        if ((fcntl(fileno(log), F_SETFD, FD_CLOEXEC) == -1)) {
+            log_err("error: can't set close-on-exec flag");
+            exit(122);
+        }
     }
 
     /*