Package: lighttpd
Version: 1.4.22-1
Severity: important
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu karmic ubuntu-patch

From https://launchpad.net/bugs/393792:
"""
The logrotate script of lighttpd does a lighttpd reload, which is what it 
should do, but if I stop the lighttpd daemon manually I certainly do NOT want 
it to be started again by the log rotation. reload should NOT start a daemon if 
it is not running IMO.

restart -> stop and start
reload -> reload config (for some this is also stop/start, but it should only 
be executed if the daemon was running before.)

This is a security issue, because if someone does not know that and 
intentionally stops the server for some reason and wants to leave it that way 
e.g. for testing or so, the server gets started and may run with faulty 
software. (happened to me)
"""

Please note that e.g. "apache2ctl graceful" will start apache, if it is not 
running, too.
However, the PID file gets removed when stopping and therefore Apache's 
logrotate script (which includes the same "is the pidfile there" check), won't 
start Apache, if it is not running currently.

I could not find any information about whether "reload" should start a service; the 
most sane fix for this problem appears to be to add the check in the logrotate script.

*** /tmp/tmpOYo0z1
In Ubuntu, we've applied the attached patch to achieve the following:

  * debian/lighttpd.logrotate: check if lighttpd is running, before
    calling reload, which would start the daemon if it is not running
    currently (LP: #393792)

We thought you might be interested in doing the same. 
diff -u lighttpd-1.4.22/debian/lighttpd.logrotate lighttpd-1.4.22/debian/lighttpd.logrotate
--- lighttpd-1.4.22/debian/lighttpd.logrotate
+++ lighttpd-1.4.22/debian/lighttpd.logrotate
@@ -7,7 +7,7 @@
         notifempty
         sharedscripts
         postrotate
-           if [ -f /var/run/lighttpd.pid ]; then \
+           if [ -f /var/run/lighttpd.pid ] && ps --pid $(cat /var/run/lighttpd.pid) > /dev/null 2>&1; then \
              if [ -x /usr/sbin/invoke-rc.d ]; then \
                 invoke-rc.d lighttpd reload > /dev/null 2>&1; \
              else \
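Review bot: the added test on the `if` line only confirms that some process holds the PID stored in /var/run/lighttpd.pid, not that the process is lighttpd. If the pidfile is stale and its PID has been reused by an unrelated process, the check passes and `invoke-rc.d lighttpd reload` still runs, which per the changelog entry would start the daemon. Consider also comparing the command name, for example `[ "$(ps -o comm= --pid "$(cat /var/run/lighttpd.pid)")" = lighttpd ]`, and quoting the `$(cat ...)` substitution so that a pidfile with unexpected whitespace or extra tokens reaches `ps` as a single argument.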
