author | Graham Dumpleton <Graham.Dumpleton@gmail.com> | 2014-05-21 16:16:47 +1000 |
---|---|---|
committer | Graham Dumpleton <Graham.Dumpleton@gmail.com> | 2014-05-21 16:16:47 +1000 |
commit | d9d5fea585b23991f76532a9b07de7fcd3b649f4 (patch) | |
tree | 2f85f14e8133b7b721fbeff7501f5f5d4e663160 | |
parent | 4fbddb697be76e165db8b2c8890b7a78c412ce1c (diff) | |
Local privilege escalation when using daemon mode. (CVE-2014-0240) [tag: 3.5, branch: stable/3.X]
-rw-r--r-- | mod_wsgi.c | 13 |
1 files changed, 13 insertions, 0 deletions
@@ -10756,6 +10756,19 @@ static void wsgi_setup_access(WSGIDaemonProcess *daemon)
         ap_log_error(APLOG_MARK, WSGI_LOG_ALERT(errno), wsgi_server,
                      "mod_wsgi (pid=%d): Unable to change to uid=%ld.",
                      getpid(), (long)daemon->group->uid);
+
+        /*
+         * On true UNIX systems this should always succeed at
+         * this point. With certain Linux kernel versions though
+         * we can get back EAGAIN where the target user had
+         * reached their process limit. In that case will be left
+         * running as wrong user. Just exit on all failures to be
+         * safe. Don't die immediately to avoid a fork bomb.
+         */
+
+        sleep(20);
+
+        exit(-1);
     }
 
     /* |
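Review bot: The new bail-out only fires when the (not visible here) setuid() call reports -1, so the privilege drop is still trusted on its return value alone; after the closing `}` of that error block I would add an explicit post-condition, `if (getuid() != daemon->group->uid || geteuid() != daemon->group->uid) { ap_log_error(APLOG_MARK, WSGI_LOG_ALERT(0), wsgi_server, "mod_wsgi (pid=%d): Privilege drop not effective.", getpid()); sleep(20); exit(-1); }`, which is the CERT POS37-C "verify the relinquishment" check and would also have caught the EAGAIN case the commit comment describes. The earlier setgid()/initgroups() failure paths of wsgi_setup_access are outside this hunk and, judging by the log-and-continue style of the uid path before this patch, presumably still only log; if so a failed group drop leaves the daemon with root's supplementary groups and deserves the same treatment. `exit(-1)` is reported to the parent as status 255; `exit(EXIT_FAILURE)` states the intent. wsgi_setup_access begins before this hunk and the setuid() condition itself is not shown.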