PEP 433: more info on apache/php and cloexec

2013-01-30 13:22:54 +01:00 · 2013-01-30 13:22:54 +01:00 · 0637c3f6c5
parent 38fabf98d1
commit 0637c3f6c5
1 changed files with 7 additions and 0 deletions
--- a/pep-0433.txt
+++ b/pep-0433.txt
@ -119,6 +119,13 @@ Example of vulnerabilities:
 * `Hijacking Apache https by mod_php
   <http://www.securityfocus.com/archive/1/348368>`_ (Dec 2003)

+   * Apache: `Apr should set FD_CLOEXEC if APR_FOPEN_NOCLEANUP is not set
+     <https://issues.apache.org/bugzilla/show_bug.cgi?id=46425>`_
+     (fixed in 2009)
+   * PHP: `system() (and similar) don't cleanup opened handles of Apache
+     <https://bugs.php.net/bug.php?id=38915>`_ (not fixed in january
+     2013)
+

 Atomicity
 ---------