You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Rasmus Lerdorf <ra...@lerdorf.on.ca> on 1998/09/01 23:26:58 UTC

More arm-linuxelf info

Ok, I am still having these odd delay problems.  Smells a lot like an
accept queue locking problem.  I tried compiling with
USE_FLOCK_SERIALIZED_ACCEPT, USE_FCNTL_SERIALIZED_ACCEPT and also
USE_SLOCK_SERIALIZED_ACCEPT.  They all show the same problem.  I can
connect initially and get as many pages as I want on the same keep-alive
connection.  Once the keep-alive expires it is usually dead, or I can get
lucky and grab another connection for a while.

I did notice this bit in ap_config.h:

#if defined(CRAY) || (defined(__arm) && !defined(LINUX))
#ifdef __STDC__
#define XtOffset(p_type,field) _Offsetof(p_type,field)
#else

Both __arm and LINUX are defined on this box.  Is there some
architecture-specific issue I need to worry about here?

-Rasmus

Re: More arm-linuxelf info

Posted by Dirk-Willem van Gulik <di...@jrc.it>.

CFrom new-httpd-owner-new-httpd-archive=hyperreal.org@apache.org Wed Sep 09 19:02:49 1998
Return-Path: <ne...@apache.org>
Delivered-To: new-httpd-archive@hyperreal.org
Received: (qmail 15260 invoked by uid 6000); 9 Sep 1998 19:02:45 -0000
Received: (qmail 15230 invoked from network); 9 Sep 1998 19:02:41 -0000
Received: from eastwood.aldigital.algroup.co.uk (194.128.162.193)
  by taz.hyperreal.org with SMTP; 9 Sep 1998 19:02:41 -0000
Received: from freeby.ben.algroup.co.uk (freeby.ben.algroup.co.uk [193.133.15.6]) by eastwood.aldigital.algroup.co.uk (8.8.8/8.6.12) with ESMTP id TAA16554 for <ne...@apache.org>; Wed, 9 Sep 1998 19:01:38 GMT
Received: from algroup.co.uk (naughty.ben.algroup.co.uk [193.133.15.107]) by freeby.ben.algroup.co.uk (8.6.12/8.6.12) with ESMTP id UAA18483 for <ne...@apache.org>; Wed, 9 Sep 1998 20:01:28 +0100
Message-ID: <35...@algroup.co.uk>
Date: Wed, 09 Sep 1998 20:01:06 +0100
From: Ben Laurie <be...@algroup.co.uk>
Organization: A.L. Group plc
X-Mailer: Mozilla 4.06 [en] (WinNT; I)
MIME-Version: 1.0
To: new-httpd@apache.org
Subject: Re: suEXEC alternative. Please comment.
References: <35...@MPIMG-Berlin-Dahlem.MPG.DE>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: new-httpd-owner@apache.org
Precedence: bulk
Reply-To: new-httpd@apache.org

Donald Buczek wrote:
> As usual on unix, users are free to create setuid scripts. As opposed to
> suEXEC, making a script setuid is the only way to get a transition to
> a uid different from the default (wwwcgi). So this transition is only
> at the explicit decision of the owner of the program and never implied.

This is altering the threat model (not necessarily a bad thing, but it
means it isn't really an alternative to suEXEC). suEXEC protects the
webmaster from the users. This approach does not.

> The last step was the one I was really after, because currently
> server-based authorization and privileged cgi-programs don't mix well.
> The current suEXEC never can make sure that it was called from the
> server (and not from another cgi-script, which did some 'corrections'
> to the environment). So the scripts never can be sure - even if
> suEXEC proved its privilege by chaning the UID.
> 
> By 'lowering' the UID to wwwcgi whenever code outside the server
> is executed, the wrapper can be sure it was called from the
> web-server (=some entity under the control of the web administrator)
> and not from user code. By executing the programm, which denies
> execute to the public, the wrapper prooves its identity to the
> script. So the script can imply "root says, this is a request
> authorized by the web administrator".

This would mean Apache would have to retain root, which is really not
acceptable. Or did I miss something?

Cheers,

Ben.

-- 
Ben Laurie            |Phone: +44 (181) 735 0686| Apache Group member
Freelance Consultant  |Fax:   +44 (181) 735 0689|http://www.apache.org/
and Technical Director|Email: ben@algroup.co.uk |
A.L. Digital Ltd,     |Apache-SSL author     http://www.apache-ssl.org/
London, England.      |"Apache: TDG" http://www.ora.com/catalog/apache/

WE'RE RECRUITING! http://www.aldigital.co.uk/

Re: More arm-linuxelf info

Posted by Dean Gaudet <dg...@arctic.org>.

On Tue, 1 Sep 1998, Rasmus Lerdorf wrote:

> I did notice this bit in ap_config.h:
> 
> #if defined(CRAY) || (defined(__arm) && !defined(LINUX))
> #ifdef __STDC__
> #define XtOffset(p_type,field) _Offsetof(p_type,field)
> #else
> 
> Both __arm and LINUX are defined on this box.  Is there some
> architecture-specific issue I need to worry about here?

No you should be OK -- the __arm && !LINUX thing was put in there a few
months ago by someone porting to arm linux... the original __arm thing was
for acorn stuff I believe. 

Dean