[prev in list] [next in list] [prev in thread] [next in thread]
List: mod-security-users
Subject: Re: [mod-security-users] mlogc issues on BSD
From: Brian Rectanus <Brian.Rectanus () breach ! com>
Date: 2008-06-06 19:57:19
Message-ID: 4849969F.308 () breach ! com
[Download RAW message or body]
Hi Jody.
I attached a patch against mlogc 1.4.4 that adds a LockFile directive
to the config file. If *not* used in your config it *should* just
generate a randomized filename under your temp directory (probably /tmp,
but maybe /var/tmp in BSD).
If you don't mind, please test that it solves this issue with and
without specifying LockFile in the config.
thanks,
-B
Jody Clements wrote:
> Hi All,
>
> I have just installed mlogc on FreeBSD 6.2-STABLE using a self compiled
> version of Apache. I came across an issue I thought I might share,
> in case any one else has the same problem.
>
> I configured, compiled and installed mlogc without any warnings.
> However, when I came to run it the config file would get deleted and the
> program would fail. This was traced back to the apr_global_mutex_create
> call in mlogc.c. It turns out that on my flavor of BSD the
> APR_LOCK_DEFAULT is file locking and not semaphores etc. This meant that
> the call would use the file name in the second argument to
> apr_global_mutex_create as the lock file. In mlogc the lock file passed
> to apr_global_mutex_create is the configuration file. So when this method
> was called the config file was checked for existence and then unlinked.
> To get around this I had to change the code in mlogc.c to the following:
>
> 1020c1020
> < if (apr_global_mutex_create(&gmutex, conffile, APR_LOCK_DEFAULT,
> pool) != APR_SUCCESS) {
> ---
>> if (apr_global_mutex_create(&gmutex,"/tmp/mlogc.lock",
> APR_LOCK_DEFAULT, pool) != APR_SUCCESS) {
>
> I would think that it would be a good idea to have an option in the
> config file to allow the user to set a lock file location, if this method
> is required or specify the locking system explicitly. Anyway, thanks for
> reading.
>
> J.
>
>
> --
> +--------------------------------------------------------+
> Jody Clements Senior Web Developer
> Wellcome Trust Sanger Institute,
> Hinxton,
> Cambridge, e-mail:jc3@sanger.ac.uk
> CB10 1SA http:www.sanger.ac.uk
> +--------------------------------------------------------+
>
>
> --
> The Wellcome Trust Sanger Institute is operated by Genome Research
> Limited, a charity registered in England with number 1021457 and a
> company registered in England with number 2742969, whose registered
> office is 215 Euston Road, London, NW1 2BE.
>
> -------------------------------------------------------------------------
> Check out the new SourceForge.net Marketplace.
> It's the best place to buy or sell services for
> just about anything Open Source.
> http://sourceforge.net/services/buy/index.php
> _______________________________________________
> mod-security-users mailing list
> mod-security-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
>
--
Brian Rectanus
Breach Security
["mlogc-lockfile.diff" (text/x-patch)]
Index: mlogc.c
===================================================================
--- mlogc.c (revision 1081)
+++ mlogc.c (working copy)
@@ -134,6 +134,7 @@
pid_t logc_pid = 0;
const char *conffile = NULL;
+const char *lockfile = NULL;
int have_read_data = 0;
int checkpoint_interval = 60;
apr_time_t checkpoint_time_last = 0;
@@ -753,6 +754,11 @@
logc_shutdown(1);
}
+ s = apr_table_get(conf, "LockFile");
+ if (s != NULL) {
+ lockfile = file_path(s);
+ }
+
s = apr_table_get(conf, "ServerErrorTimeout");
if (s != NULL) {
server_error_timeout = atoi(s);
@@ -985,16 +991,19 @@
*/
static void logc_init()
{
+ char errstr[1024];
+ apr_status_t rc = 0;
const char *errptr = NULL;
int i, erroffset;
curl_global_init(CURL_GLOBAL_ALL);
atexit(logc_cleanup);
- if (apr_file_open(&error_log_fd, error_log_path, APR_WRITE | APR_CREATE | APR_APPEND,
- APR_OS_DEFAULT, pool) != APR_SUCCESS)
+ if ((rc = apr_file_open(&error_log_fd, error_log_path, APR_WRITE | APR_CREATE | APR_APPEND,
+ APR_OS_DEFAULT, pool)) != APR_SUCCESS)
{
- error_log(LOG_ERROR, NULL, "Failed to open the error log: %s\n", error_log_path);
+ error_log(LOG_ERROR, NULL, "Failed to open the error log %s: %s\n",
+ error_log_path, apr_strerror(rc, errstr, 1024));
logc_shutdown(1);
}
@@ -1017,13 +1026,15 @@
logc_shutdown(1);
}
- if (apr_global_mutex_create(&gmutex, conffile, APR_LOCK_DEFAULT, pool) != APR_SUCCESS) {
- error_log(LOG_ERROR, NULL, "Failed to create global mutex.");
+ if ((rc = apr_global_mutex_create(&gmutex, lockfile, APR_LOCK_DEFAULT, pool)) != APR_SUCCESS) {
+ error_log(LOG_ERROR, NULL, "Failed to create global mutex: %s",
+ apr_strerror(rc, errstr, 1024));
logc_shutdown(1);
}
- if (apr_thread_mutex_create(&mutex, APR_THREAD_MUTEX_UNNESTED, pool) != APR_SUCCESS) {
- error_log(LOG_ERROR, NULL, "Failed to create mutex.");
+ if ((rc = apr_thread_mutex_create(&mutex, APR_THREAD_MUTEX_UNNESTED, pool)) != APR_SUCCESS) {
+ error_log(LOG_ERROR, NULL, "Failed to create mutex: %s",
+ apr_strerror(rc, errstr, 1024));
logc_shutdown(1);
}
Index: mlogc-default.conf
===================================================================
--- mlogc-default.conf (revision 1081)
+++ mlogc-default.conf (working copy)
@@ -36,6 +36,9 @@
# The location of the error log.
ErrorLog "mlogc-error.log"
+# The location of the lock file.
+LockFile "mlogc.lck"
+
# Keep audit log entries after sending? (0=false 1=true)
# NOTE: This is required to be set in SecAuditLog mlogc config if you
# are going to use a secondary console via SecAuditLog2.
-------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://sourceforge.net/services/buy/index.php
_______________________________________________
mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic