| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
When attached to a terminal, a SIGINT signal is sent to the parent
and all children, instructing them to exit. In some environments including
docker, only the parent receives the SIGTERM and is responsible for
propagating it to the children. This patch kills all child processes
when the parent receives a SIGTERM or a SIGINT.
|
| |
|
|
|
|
| |
Remove close as it always results in a duplicated call, simplify logic
|
|
|
|
|
|
| |
With warnings and pedantic mode enabled, `gcc (GCC) 13.2.1` returns
an implicit fall through warning. This can be fixed by annotating
the error function with NORETURN.
|
|\
| |
| |
| | |
Fixes: https://github.com/gnosek/fcgiwrap/pull/21
|
| |
| |
| |
| |
| |
| | |
chdir to directory which holds scripts doesn't work well with some CGIs.
Let the FastCGI invoker provide `FCGI_CHDIR` which can be `-` to inhibit
chdir, or another place to chdir to.
|
| |
| |
| |
| |
| |
| | |
While this generally is the right thing to do, we don't clean up
the rest of the memory (we're exiting in a moment, anyway)
and conditionally freeing a single variable seems wrong.
|
| |
| |
| |
| |
| | |
We either have a proper descriptor (>0) or an error (<0)
so we don't strictly need the fd_out parameter
|
| | |
|
| | |
|
|/
|
|
|
| |
If unix socket is not cleaned up, we will fail to bind on it the next
startup round (Address already in use).
|
|
|
|
|
|
|
|
|
| |
When a child process is terminated, the parent calls waitpid() to check
for dead children. This returns -1 on error (e.g. there are no other
children or a signal interrupted waitpid()), the pid (> 0) for dead
children OR 0 if there are some children which are still alive.
Fixes gnosek/fcgiwrap#18.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the purpose of fcgiwrap is to wrap cgit, then I want to be sure that no other
program can be executed under the privileges of the fcgiwrap user.
When the option `-p path` is given, only the programs specified by `path` are
allowed to execute (multiple occurrences of `-p` are merged to form a list of
allowed programs).
Note that this value will be matched literally, no attempt is done to
canonicalize the path. This also implies that glob patterns or directories will
never match.
|
| |
|
| |
|
|
|
|
|
| |
We do it in a rather violent way to avoid FCGI shutdown (the parent
must keep the socket alive and working)
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use the same error handler for 403s and 502s. This basically ports
the required fixes from error_403 (previous commit) to the 502
error on failed exec(). Two user-visible side effects:
- error message now says "403 Forbidden" instead of "403"
- failed exec() gets logged over stderr
(also, use \r\n instead of \n as a line seprator but that has been
fixed up by the parent process before).
|
|
|
|
|
|
|
|
|
| |
Report 403 errors over normal stdout/stderr (after setting up the
pipes). Properly reporting the error response over stdout requires:
- flushing the I/O, which would otherwise get buffered
- skipping atexit handlers (would otherwise close the FCGI connection
cleanly, interfering with the parent process still trying to talk
over it)
|
|
|
|
|
| |
It's not a security issue (executing the file would fail, anyway)
but it's a sensible sanity check.
|
| |
|
|
|
|
|
|
| |
This prevents the need for starting fcgiwrap explicitly, or using a
tool such as spawn-fcgi. The type of socket does not matter, we merely
accept a single FD passed from pid 1 and listen on it.
|
| |
|
| |
|
| |
|
|
|
|
| |
This should ease testing and deployment in simpler cases
|
|
|
|
|
|
| |
If present, it overrides DOCUMENT_ROOT and SCRIPT_NAME and prevents
mangling of PATH_INFO. Should allow cleaner configs when script names
don't come from request URIs directly.
|
| |
|
| |
|
|
|
|
| |
Signed-off-by: W-Mark Kubacki <wmark@hurrikane.de>
|
| |
|
|
|
|
| |
Thanks to Toni Mueller, original author of the patch
|
| |
|
|
|
|
| |
Thanks to Fenixk19 for the report and patch.
|
|
|
|
| |
Passed via FastCGI stderr, so should end up in webserver's error log
|
|
|
|
| |
(start as fcgiwrap -c <num-children>, with a suitable socket on FD 0)
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
Symlinks are now allowed if owner matches
|