bin/38489: httpd execs cgi prog with extra fds open

[arto.huusko%pp2.inet.fi@localhost]

>Number:         38489
>Category:       bin
>Synopsis:       httpd execs cgi prog with extra fds open
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Apr 23 16:15:00 +0000 2008
>Originator:     Arto Huusko
>Release:        NetBSD 4.99.55
>Organization:
>Environment:
System: NetBSD vekotin.local 4.99.55 NetBSD 4.99.55 (VEKOTIN) #1: Wed Mar 12 
18:45:32 EET 2008 
root%mutteri.local@localhost:/local/netbsd/build/netbsd-current/amd64/obj/sys/arch/amd64/compile/VEKOTIN
 amd64
Architecture: x86_64
Machine: amd64
>Description:
        When httpd execs a CGI program, the process has extra file descriptors
        other than stdin, stdout and stderr open.

        If the CGI program does not know about these extra descriptors, and
        proceeds to fork a daemon, which also does not know about the
        extra descriptors, the httpd process hangs, because the descriptors
        stay open in the daemon process.

        I found out about the extra descriptors with fstat, and doing

                fcntl(STDERR_FILENO + 1, F_CLOSEM)

        in the daemon process works around the problem. However, F_CLOSEM
        is not standard. And it is not needed with other httpd servers
        such as apache.
>How-To-Repeat:
        Exec CGI program that forks a daemon, see httpd hang around for ever.
>Fix:
        Close file descriptors other than stdin, stdout and stderr before 
execing
        the CGI script.