Local privilege escalation when using daemon mode. (CVE-2014-0240)3.5 stable/3.X

author: Graham Dumpleton <Graham.Dumpleton@gmail.com> 2014-05-21 16:16:47 +1000
committer: Graham Dumpleton <Graham.Dumpleton@gmail.com> 2014-05-21 16:16:47 +1000
commit: d9d5fea585b23991f76532a9b07de7fcd3b649f4 (patch)
tree: 2f85f14e8133b7b721fbeff7501f5f5d4e663160
parent: 4fbddb697be76e165db8b2c8890b7a78c412ce1c (diff)
download: mod_wsgi-stable/3.X.tar.gz
1 files changed, 13 insertions, 0 deletions
diff --git a/mod_wsgi.c b/mod_wsgi.c
index 32b2903..3ef911b 100644
--- a/mod_wsgi.c
+++ b/mod_wsgi.c
@@ -10756,6 +10756,19 @@ static void wsgi_setup_access(WSGIDaemonProcess *daemon)
         ap_log_error(APLOG_MARK, WSGI_LOG_ALERT(errno), wsgi_server,
                      "mod_wsgi (pid=%d): Unable to change to uid=%ld.",
                      getpid(), (long)daemon->group->uid);
+
+        /*
+         * On true UNIX systems this should always succeed at
+         * this point. With certain Linux kernel versions though
+         * we can get back EAGAIN where the target user had
+         * reached their process limit. In that case will be left
+         * running as wrong user. Just exit on all failures to be
+         * safe. Don't die immediately to avoid a fork bomb.
+         */
+
+        sleep(20);
+
+        exit(-1);
     }
 
     /*
author	Graham Dumpleton <Graham.Dumpleton@gmail.com>	2014-05-21 16:16:47 +1000
committer	Graham Dumpleton <Graham.Dumpleton@gmail.com>	2014-05-21 16:16:47 +1000
commit	d9d5fea585b23991f76532a9b07de7fcd3b649f4 (patch)
tree	2f85f14e8133b7b721fbeff7501f5f5d4e663160
parent	4fbddb697be76e165db8b2c8890b7a78c412ce1c (diff)
download	mod_wsgi-stable/3.X.tar.gz