Re: [stunnel-users] stunnel automatically listening to extra

This is a discussion on Re: [stunnel-users] stunnel automatically listening to extra within the Stunnel Users forums, part of the Networking and Network Related category; Alan, On Fri, 11 Jan 2008, Alan Pinstein wrote: [...] > Yes. RHEL5. > > > The following is an educated ...


Go Back   Usenet Forums > Networking and Network Related > Stunnel Users

Reload this Page Re: [stunnel-users] stunnel automatically listening to extra

FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply

 

LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 01-11-2008
Richard.Hall
 
Posts: n/a
Default Re: [stunnel-users] stunnel automatically listening to extra
Alan,

On Fri, 11 Jan 2008, Alan Pinstein wrote:
[...]
> Yes. RHEL5.
>
> > The following is an educated guess:
> >
> > Open connections are open file descriptors, and fork()/exec() do not
> > close open file descriptors. Thus, stunnel is inheriting the open
> > connection. And, since it knows nothing about it, it does not close it
> > or anything like that. So it's not that it activelly listens on it,
> > but only that it does not bother to stop. You might check this theory
> > by trying to connect to the port *after* apache is shut down. If I'm
> > right you should get no answer at all.
>
> I don't know a lot about sockets programming, but I am not sure this
> makes sense... I don't WANT stunnel to stop listening to those ports;
> rather it shouldn't ever start. stunnel has a config file, so I'd
> expect it to only listen to the ports it was told to listen to, which
> is 4449.
>
> I run lots of child processes from php and none of them end up
> listening to port 80/443 once the server exits.
>
> Although, now that I think about it, I am not sure I daemonize any
> processes from a php script...
>
> But still I think that stunnel is actively listening on these ports.
> Forked processed just don't inherit sockets from parents AFAIK....

Not so.

> > So, the solution is to have the file descriptors close when exec'ing
> > stunnel. PHP or apache might have some option somewhere to do that
> > (look for "close on exec" or something similarly named), but if not,
> > you might have to write some sort of wrapper to do it. It's a messy
> > thing, because AFAIK there's no clean way to do it short of
> >
> > for (i = 0; i < [some-hopefuly-large-enough-value]; i++)
> > close(i);
[...]

I've seen this problem discussed in other forums. It recently (re)surfaced
in the Exim world. See, for example, the thread which starts at
http://lists.exim.org/lurker/message...1f8896.en.html
and eventually leads to the rather more informative
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=366124
and
http://bugs.php.net/bug.php?id=38915

The consensus seems to be that the problem lies with mod_php or maybe even
Apache (though agreement is far from universal)

HTH,
Richard



_______________________________________________
stunnel-users mailing list
stunnel-users@mirt.net
http://stunnel.mirt.net/mailman/listinfo/stunnel-users
Reply With Quote
Reply

« Previous Thread | Next Thread »

Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT +1. The time now is 01:41 PM.

Contact Us - Usenet Forums - Archive - Top

Powered by vBulletin® Version 3.6.8
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.0.0