Bug 123549 - httpd process name overwritten by mod_perl bug
Summary: httpd process name overwritten by mod_perl bug
Status: CLOSED DEFERRED
Alias: None
Product: Fedora Legacy
Classification: Retired
Component: mod_perl (Show other bugs)
(Show other bugs)
Version: fc2
Hardware: All Linux
medium
medium
Target Milestone: ---
Assignee: Fedora Legacy Bugs
QA Contact:
URL:
Whiteboard: LEGACY, 2, DEFER
Keywords: Security
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2004-05-19 09:58 UTC by Nathan Ollerenshaw
Modified: 2007-04-18 17:07 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-08-13 14:12:21 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Nathan Ollerenshaw 2004-05-19 09:58:28 UTC
Description of problem:
There is some overflow in 1.99_12 which causes the process name in the ps list to be 
overwritten with bogus values.

For example, /usr/sbin/httpd will be overwritten to be /usr/sbin/-e

Not cool, and indicates possible buffer overflow.

I fixed the problem by download the SRPM for 1.99_12, downloading the source fo 
1.99_13 from the perl.apache.org site, and updating the spec file then recompiling. The 
symptoms went away.

I'm marking this as High severity because it could be indicative of a severe memory leak - 
under testing with a complex mod_perl webapp (@mail) I found a process with over 1GB of 
memory assigned to it. After upgrading mod_perl this problem went away.

Version-Release number of selected component (if applicable):
mod_perl-1.99_12-2.1

How reproducible:
Always

Steps to Reproduce:
1. Install fedora core 2 (or core 1)
2. Install mod_perl
3. run some mod_perl app and watch the process name get overwritten
    

Additional info:

Comment 1 Nathan Ollerenshaw 2004-05-25 02:28:05 UTC
mod_perl-1.99_14 has been released. It fixes some important bugs, nothing security 
related that I can see - still, if you guys are going to rebuild this package, might be good 
idea to go to 14.

Comment 2 Matthew Miller 2005-04-11 22:20:53 UTC
[Bulk move of FC2 bugs to Fedora Legacy. See
<http://www.redhat.com/archives/fedora-announce-list/2005-April/msg00020.html>.]

Comment 3 Pekka Savola 2005-11-16 13:15:14 UTC
This doesn't seem to be important enough to fix just on its own, so mark it DEFER.




Note You need to log in before you can comment on or make changes to this bug.