Commits
- Commit:
403c42204182515d7281d8c11084eef596f8a6ee
- From:
- Omar Polo <op@omarpolo.com>
- Date:
[cgi] switch from pipe(2) to socketpair(2)
We can't use normal pipe(2)s with libevent in some cases. Switch to
socketpair(2), which doesn't have the same problem.
This has the drawback that it doesn't prevent the CGI script from
reading stdout, for instance. (sockets are two-way, pipes only one-way)
- Commit:
b618111a681d278d0d72fbdb526542bebf8fce02
- From:
- Omar Polo <op@omarpolo.com>
- Date:
log more details for FastCGI errors
add the reported request id if there's a mismatch and both the gai error
and the errno value if getnameinfo fails.
- Commit:
5f37f9c20d1773ad0b95b16f67a33f75fea326f4
- From:
- Omar Polo <op@omarpolo.com>
- Date:
simplify error check
- Commit:
c016b65ca9ca4e4f84f270feb76b1038cb13f358
- From:
- Omar Polo <op@omarpolo.com>
- Date:
typo
- Commit:
f7ee799023657126a89134cd64ab6a7638b4d1bf
- From:
- Omar Polo <op@omarpolo.com>
- Date:
enforce PR_SET_NO_NEW_PRIVS in the logger process
otherwise landlock will refuse to enable itself and the logger process
dies.
- Commit:
0c66b6ad55416d9fca326c04b038784a9e59a84e
- From:
- Omar Polo <op@omarpolo.com>
- Date:
forgot include
- Commit:
6f27d2595ae350dc6f9ce226d079370645dbff03
- From:
- Omar Polo <op@omarpolo.com>
- Date:
[seccomp] allow ioctl(FIONREAD)
it's needed by bufferevent_read
- Commit:
2a44a2ab6e380de2a13acc60309fa9bcb38fb64b
- From:
- Omar Polo <op@omarpolo.com>
- Date:
sync changelog
- Commit:
741b69be96397e0ec6db0c84b4ead4f41363ea98
- From:
- Omar Polo <op@omarpolo.com>
- Date:
fastcgi completely asynchronous
This changes the fastcgi implementation from a blocking I/O to an
async implementation on top of libevent' bufferevents.
Should improve the responsiveness of gmid especially when using remote
fastcgi applications.
- Commit:
83fe545a2b8c892e70ecf6b48180c27e6bc6b414
- From:
- Omar Polo <op@omarpolo.com>
- Date:
initialize mbufhead
- Commit:
cb28978f0a91612f91f0bf4b8bda365941b5df25
- From:
- Omar Polo <op@omarpolo.com>
- Date:
refactor landlock
refactor the landlock-related code into something more manageable.
The only real difference is that before the logger process would try
to landlock itself to "/" without perms, something that landlock
doesn't support (now it enables landlock and then restrict itself,
which is the correct move.)
- Commit:
775ef04f82b0cbcdfe62660fc0454717dcac8cc6
- From:
- Omar Polo <op@omarpolo.com>
- Date:
mention the thanks to cage for the bugfix
Since I was in a hurry, I forgot to mention it in the tag message :/
- Commit:
0d9a5b7a181d1456d3aba46ba75a70317d2e7886
- From:
- Omar Polo <op@omarpolo.com>
- Date:
sync release
- Commit:
3571854e942b2354ae216f340add076d71d0776a
- From:
- Omar Polo <op@omarpolo.com>
- Date:
fix possible out-of-bound access
While computing the parent directory it an out-of-bound access can
occur, which usually means the server process dies.
In particular, it can be triggered by making a request for a
non-existent file in the root of a virtual host if the path matches
the `cgi` pattern.
Thanks cage for helping in debugging!
- Commit:
353e3c8ebe516943a38d051a0bf390bb6116574c
- From:
- Omar Polo <op@omarpolo.com>
- Date:
style