Re: Apache 2.x leaked descriptors
From: Bjoern A. Zeeb (bzeeb-lists@lists.zabbadoz.net)
Date: 02/26/03
- Previous message: Brian Hatch: "Re: Non registering shell"
- In reply to: Christian Kratzer: "Re: Apache 2.x leaked descriptors"
- Next in thread: Steve Grubb: "Re: Apache 2.x leaked descriptors"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 26 Feb 2003 19:56:29 +0000 (UTC) From: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> To: Brian Hatch <vuln-dev@ifokr.org>
On Tue, 25 Feb 2003, Christian Kratzer wrote:
Hi,
> > If the error log (the only one that is appropriate for the
> > exec'd program in question) is opened in append only mode, this
> > seems to be appropriate.
>
> the cgi has access to the error log via its stderr file descriptor 2.
> It does not need access to the file descriptor of the log itself.
further more via writing to stderr apache has the chance to properly
format it so that log file analysers can work with.
Simply writing any data to the open fd might confuse (or even more)
them as already noted by Steve Grubb I think.
012 is a good API for such things. Just as a side note: 0 and 1 are
coverted by CGI Drafts (see http://cgi-spec.golux.com/). Standard
error is not from what I had seen.
-- Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT 56 69 73 69 74 http://www.zabbadoz.net/
- Next message: Rory Savage: "Re: Non registering shell"
- Previous message: Brian Hatch: "Re: Non registering shell"
- In reply to: Christian Kratzer: "Re: Apache 2.x leaked descriptors"
- Next in thread: Steve Grubb: "Re: Apache 2.x leaked descriptors"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
