source: trunk/server/common/patches/httpd-suexec-cloexec.patch @ 2119

From: Stefan Fritsch <sf@apache.org>
Date: Sat, 3 Oct 2009 13:46:48 +0000
Subject: suexec: Allow to log an error if exec fails by setting FD_CLOEXEC on the log file instead of closing it.

PR: 10744
Submitted by: Nicolas Rachinsky
Reviewed by: Stefan Fritsch

Origin: upstream, http://svn.apache.org/viewvc?rev=821321&view=rev
Bug: https://issues.apache.org/bugzilla/show_bug.cgi?id=10744
---
 support/suexec.c |   18 +++++++++---------
 1 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/support/suexec.c b/support/suexec.c
index cb4e85f..85e1318 100644
--- a/support/suexec.c
+++ b/support/suexec.c
@@ -49,6 +49,7 @@
 #include <stdio.h>
 #include <stdarg.h>
 #include <stdlib.h>
+#include <fcntl.h>
 #include <selinux/selinux.h>
 
 #ifdef HAVE_PWD_H
@@ -714,17 +715,16 @@ TRUSTED_DIRECTORY:
 #endif /* AP_SUEXEC_UMASK */
 
     /*
-     * Be sure to close the log file so the CGI can't
-     * mess with it.  If the exec fails, it will be reopened
-     * automatically when log_err is called.  Note that the log
-     * might not actually be open if AP_LOG_EXEC isn't defined.
-     * However, the "log" cell isn't ifdef'd so let's be defensive
-     * and assume someone might have done something with it
-     * outside an ifdef'd AP_LOG_EXEC block.
+     * ask fcntl(2) to set the FD_CLOEXEC flag on the log file,
+     * so it'll be automagically closed if the exec() call succeeds.
      */
     if (log != NULL) {
-        fclose(log);
-        log = NULL;
+        fflush(log);
+        setbuf(log,NULL);
+        if ((fcntl(fileno(log), F_SETFD, FD_CLOEXEC) == -1)) {
+            log_err("error: can't set close-on-exec flag");
+            exit(122);
+        }
     }
 
     /*