Vulnerability Development mailing list archives
Re: Apache 2.x leaked descriptors
From: "Bjoern A. Zeeb" <bzeeb-lists () lists zabbadoz net>
Date: Wed, 26 Feb 2003 19:56:29 +0000 (UTC)
On Tue, 25 Feb 2003, Christian Kratzer wrote: Hi,
If the error log (the only one that is appropriate for the exec'd program in question) is opened in append only mode, this seems to be appropriate.the cgi has access to the error log via its stderr file descriptor 2. It does not need access to the file descriptor of the log itself.
further more via writing to stderr apache has the chance to properly format it so that log file analysers can work with. Simply writing any data to the open fd might confuse (or even more) them as already noted by Steve Grubb I think. 012 is a good API for such things. Just as a side note: 0 and 1 are coverted by CGI Drafts (see http://cgi-spec.golux.com/). Standard error is not from what I had seen. -- Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT 56 69 73 69 74 http://www.zabbadoz.net/
Current thread:
- Apache 2.x leaked descriptors Steve Grubb (Feb 21)
- Re: Apache 2.x leaked descriptors Christian Kratzer (Feb 23)
- Re: Apache 2.x leaked descriptors jon schatz (Feb 23)
- Re: Apache 2.x leaked descriptors David M. Wilson (Feb 24)
- Re: Apache 2.x leaked descriptors Christian Kratzer (Feb 25)
- Re: Apache 2.x leaked descriptors Brian Hatch (Feb 25)
- Re: Apache 2.x leaked descriptors Christian Kratzer (Feb 25)
- Re: Apache 2.x leaked descriptors Bjoern A. Zeeb (Feb 28)
- Re: Apache 2.x leaked descriptors David M. Wilson (Feb 24)
- <Possible follow-ups>
- Re: Apache 2.x leaked descriptors Steve Grubb (Feb 24)
- RE: Apache 2.x leaked descriptors Michael Wojcik (Feb 25)
- Re: Apache 2.x leaked descriptors Steve Grubb (Feb 25)