Re: [mod-security-users] When will we see 1.8?
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] When will we see 1.8?
|
From: Mark <ad...@as...> - 2004-04-29 06:02:56
|
Ivan Ristic wrote:
>>> Sure, but mod_security will kill every child Apache spawns. I've
>>> added a delay to prevent too many processes to get created and
>>> killed at the same time, but the whole thing will prevent Apache
>>> from serving any requests.
>>
>> Hmm, in that case, why can mod_security not simply kill the "mother"
>> Apache process itself? (the child, running as "nobody", or "www",
>> can obviously not kill the parent, who runs as root; but
>> mod_security could kill its own Apache process, right?). Or am I
>> missing something again?
>
> It does just that (exits its own process). But it is the parent
> process running as root that spawns new children.
For now, due to a time limit, I have decided to install 1.7.6 on the
production server, after all. But I wrote a small startup-script that
examines the log, after starting up Apache, to see whether mod_security did
the chroot. If not, it kills the pid in /var/run/httpd.pid, and restarts the
process (in a limited loop). Not pretty, I know; but at least this way I am
sure the chroot succeeded.
> Anyway, if I got it right this time it will never have to
> manifest itself.
True. This issue is largely academic. And I have *never* seen it gone wrong
on 1.7.6 either, btw.
Cheers,
- Mark
System Administrator Asarian-host.org
---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx
|
