| Summary: | mod_chroot with apache2 creates processes outside of the ChrootDir path. | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Andrew Griffiths <andrewg> |
| Component: | Current packages | Assignee: | Apache Team - Bugzilla Reports <apache-bugs> |
| Status: | RESOLVED DUPLICATE | ||
| Severity: | normal | ||
| Priority: | High | ||
| Version: | 2006.0 | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
Sorry, turns out this bug report is a duplicate/similar to the following report: http://bugs.gentoo.org/show_bug.cgi?id=95910. Seems as if I missed that initially. Change to duplicate if you feel it is needed.
Hello,

When using mod_chroot-0.4 in combination with apache-2.055-r1, it spawns a process before doing the chroot call.

```
# killall -9 apache2
# /etc/init.d/apache2 zap && /etc/init.d/apache2 start
 * Manually resetting apache2 to stopped state.
 * Re-caching dependency info (mtimes differ)...
 * Re-caching dependency info (mtimes differ)...
 * Re-caching dependency info (mtimes differ)...
 * Re-caching dependency info (mtimes differ)...
 * Starting apache2 ...
[Mon May 08 12:49:42 2006] [warn] NameVirtualHost *:80 has no VirtualHosts
 [ ok ]
# ps axwu | grep apache | head -n 2
root 6920 0.8 2.7 26312 7096 ? Ss 12:49 0:00 /usr/sbin/apache2 -D PHP5 -D CHROOT -d /usr/lib/apache2 -f /etc/apache2/httpd.conf -k start
apache 14726 0.0 0.8 25176 2116 ? S 12:49 0:00 /usr/sbin/apache2 -D PHP5 -D CHROOT -d /usr/lib/apache2 -f /etc/apache2/httpd.conf -k start
# ls -l /proc/6920/root /proc/14726/root
lrwxrwxrwx 1 root root 0 May 8 12:50 /proc/14726/root -> /
lrwxrwxrwx 1 root root 0 May 8 12:50 /proc/6920/root -> /chroot/apache
```

From the above we see that the child apache process is not chrooted.

When mod_chroot-0.5 is installed, and the above instructions are repeated, we get:

```
# killall -9 apache2
# /etc/init.d/apache2 zap && /etc/init.d/apache2 start
 * Manually resetting apache2 to stopped state.
 * Re-caching dependency info (mtimes differ)...
 * Re-caching dependency info (mtimes differ)...
 * Re-caching dependency info (mtimes differ)...
 * Re-caching dependency info (mtimes differ)...
 * Starting apache2 ...
[Mon May 08 12:53:57 2006] [warn] NameVirtualHost *:80 has no VirtualHosts
 [ ok ]
# ps axwu | grep apache | head -n 2
root 20246 2.6 2.6 26348 6928 ? Ss 12:53 0:00 /usr/sbin/apache2 -D PHP5 -D CHROOT -d /usr/lib/apache2 -f /etc/apache2/httpd.conf -k start
apache 22809 0.0 0.7 25216 1976 ? S 12:53 0:00 /usr/sbin/apache2 -D PHP5 -D CHROOT -d /usr/lib/apache2 -f /etc/apache2/httpd.conf -k start
# ls -l /proc/20246/root /proc/22809/root
lrwxrwxrwx 1 root root 0 May 8 12:54 /proc/20246/root -> /chroot/apache
lrwxrwxrwx 1 root root 0 May 8 12:54 /proc/22809/root -> /chroot/apache
```

The ChangeLog for 0.5 release says:

```
2005-06-12 Hobbit
 * fixed a problem with some CGIs (mod_cgid, mod_fcgid) being executed outside the chroot jail. Patch by <clement.hermann*free.fr>, thanks!
 * updated documentation
 * released mod_chroot/0.5
```

However, it seems to rectify the problem being seen above, so I suspect the correct fix would be to release an updated version of this package. (One day I'll get around to learning about ebuilds and doing some trivial stuff myself).

Thanks,
Andrew Griffiths
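The manual check used in the report, comparing `/proc/<pid>/root` of every apache2 process against the ChrootDir, can be scripted so it runs after each restart or package upgrade. This is an added example, not part of the original report: the function name `find_unjailed` and its optional third argument (an alternate proc directory) are assumptions of the example, and it relies on Linux's `/proc/<pid>/comm` and needs root to read other users' `root` links.

```shell
#!/bin/sh
# Added example, not from the bug report.
# find_unjailed NAME JAIL [PROC_DIR]
#   Prints "PID ROOT" for every process named NAME whose root directory
#   is not JAIL. PROC_DIR defaults to /proc; the parameter is an assumption
#   of this example so the check can be run against a constructed tree.
find_unjailed() {
    fu_name=$1
    fu_jail=${2%/}                 # tolerate a trailing slash in the jail path
    fu_proc=${3:-/proc}
    for fu_dir in "$fu_proc"/[0-9]*; do
        [ -d "$fu_dir" ] || continue
        # The process may exit between the glob and the read; skip it then.
        fu_comm=$(cat "$fu_dir/comm" 2>/dev/null) || continue
        [ "$fu_comm" = "$fu_name" ] || continue
        # An unreadable root link (e.g. not running as root) is reported
        # rather than assumed to be inside the jail.
        fu_root=$(readlink "$fu_dir/root" 2>/dev/null) || fu_root='unreadable'
        [ "$fu_root" = "$fu_jail" ] || printf '%s %s\n' "${fu_dir##*/}" "$fu_root"
    done
    return 0
}

# Stand-alone use: ./check-chroot.sh apache2 /chroot/apache
# Exits 1 and lists the offending PIDs if any worker escaped the jail.
if [ "$#" -ge 2 ]; then
    bad=$(find_unjailed "$@")
    [ -z "$bad" ] || { printf 'not chrooted:\n%s\n' "$bad" >&2; exit 1; }
fi
```

Against the mod_chroot-0.4 session above this would report PID 14726 with root `/`; against the 0.5 session it would print nothing.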