passenger 4.0.5 → 4.0.6

data/ext/common/ApplicationPool2/Process.h

@@ -384,25 +384,25 @@ public:
 
 	// Thread-safe.
 	bool isAlive() const {
-		lock_guard<boost::mutex> lock(lifetimeSyncher);
+		boost::lock_guard<boost::mutex> lock(lifetimeSyncher);
 		return lifeStatus == ALIVE;
 	}
 
 	// Thread-safe.
 	bool hasTriggeredShutdown() const {
-		lock_guard<boost::mutex> lock(lifetimeSyncher);
+		boost::lock_guard<boost::mutex> lock(lifetimeSyncher);
 		return lifeStatus == SHUTDOWN_TRIGGERED;
 	}
 
 	// Thread-safe.
 	bool isDead() const {
-		lock_guard<boost::mutex> lock(lifetimeSyncher);
+		boost::lock_guard<boost::mutex> lock(lifetimeSyncher);
 		return lifeStatus == DEAD;
 	}
 
 	// Thread-safe.
 	LifeStatus getLifeStatus() const {
-		lock_guard<boost::mutex> lock(lifetimeSyncher);
+		boost::lock_guard<boost::mutex> lock(lifetimeSyncher);
 		return lifeStatus;
 	}
 
@@ -413,7 +413,7 @@ public:
 	void triggerShutdown() {
 		assert(canTriggerShutdown());
 		{
-			lock_guard<boost::mutex> lock(lifetimeSyncher);
+			boost::lock_guard<boost::mutex> lock(lifetimeSyncher);
 			assert(lifeStatus == ALIVE);
 			lifeStatus = SHUTDOWN_TRIGGERED;
 			shutdownStartTime = SystemTime::get();
@@ -447,7 +447,7 @@ public:
 			}
 		}
 
-		lock_guard<boost::mutex> lock(lifetimeSyncher);
+		boost::lock_guard<boost::mutex> lock(lifetimeSyncher);
 		lifeStatus = DEAD;
 	}
 

data/ext/common/ApplicationPool2/SmartSpawner.h

@@ -110,9 +110,9 @@ private:
 		string agentsDir = resourceLocator.getAgentsDir();
 		vector<string> command;
 		
-		if (options.loadShellEnvvars) {
-			command.push_back("bash");
-			command.push_back("bash");
+		if (shouldLoadShellEnvvars(options, preparation)) {
+			command.push_back(preparation.shell);
+			command.push_back(preparation.shell);
 			command.push_back("-lc");
 			command.push_back("exec \"$@\"");
 			command.push_back("SpawnPreparerShell");
@@ -279,7 +279,7 @@ private:
 			}
 			this->adminSocket = adminSocket.second;
 			{
-				lock_guard<boost::mutex> l(simpleFieldSyncher);
+				boost::lock_guard<boost::mutex> l(simpleFieldSyncher);
 				this->pid = pid;
 			}
 			
@@ -324,7 +324,7 @@ private:
 			syscalls::unlink(filename.c_str());
 		}
 		{
-			lock_guard<boost::mutex> l(simpleFieldSyncher);
+			boost::lock_guard<boost::mutex> l(simpleFieldSyncher);
 			pid = -1;
 		}
 		socketAddress.clear();
@@ -342,7 +342,7 @@ private:
 
 			vector<string> args;
 			vector<string>::const_iterator it, end;
-			details.options->toVector(args, resourceLocator);
+			details.options->toVector(args, resourceLocator, Options::SPAWN_OPTIONS);
 			for (it = args.begin(); it != args.end(); it++) {
 				const string &key = *it;
 				it++;
@@ -615,7 +615,7 @@ private:
 		vector<string>::const_iterator it;
 		
 		writeExact(fd, "spawn\n", &timeout);
-		options.toVector(args, resourceLocator);
+		options.toVector(args, resourceLocator, Options::SPAWN_OPTIONS);
 		for (it = args.begin(); it != args.end(); it++) {
 			const string &key = *it;
 			it++;
@@ -722,7 +722,7 @@ public:
 	}
 	
 	virtual ~SmartSpawner() {
-		lock_guard<boost::mutex> l(syncher);
+		boost::lock_guard<boost::mutex> l(syncher);
 		stopPreloader();
 	}
 	
@@ -735,11 +735,11 @@ public:
 		possiblyRaiseInternalError(options);
 
 		{
-			lock_guard<boost::mutex> l(simpleFieldSyncher);
+			boost::lock_guard<boost::mutex> l(simpleFieldSyncher);
 			m_lastUsed = SystemTime::getUsec();
 		}
 		UPDATE_TRACE_POINT();
-		lock_guard<boost::mutex> l(syncher);
+		boost::lock_guard<boost::mutex> l(syncher);
 		if (!preloaderStarted()) {
 			UPDATE_TRACE_POINT();
 			startPreloader();
@@ -779,20 +779,20 @@ public:
 	virtual void cleanup() {
 		TRACE_POINT();
 		{
-			lock_guard<boost::mutex> l(simpleFieldSyncher);
+			boost::lock_guard<boost::mutex> l(simpleFieldSyncher);
 			m_lastUsed = SystemTime::getUsec();
 		}
-		lock_guard<boost::mutex> lock(syncher);
+		boost::lock_guard<boost::mutex> lock(syncher);
 		stopPreloader();
 	}
 
 	virtual unsigned long long lastUsed() const {
-		lock_guard<boost::mutex> lock(simpleFieldSyncher);
+		boost::lock_guard<boost::mutex> lock(simpleFieldSyncher);
 		return m_lastUsed;
 	}
 	
 	pid_t getPreloaderPid() const {
-		lock_guard<boost::mutex> lock(simpleFieldSyncher);
+		boost::lock_guard<boost::mutex> lock(simpleFieldSyncher);
 		return pid;
 	}
 };

data/ext/common/ApplicationPool2/Socket.h

@@ -145,7 +145,7 @@ public:
 	 * Failure to do so will result in a resource leak.
 	 */
 	Connection checkoutConnection() {
-		lock_guard<boost::mutex> l(connectionPoolLock);
+		boost::lock_guard<boost::mutex> l(connectionPoolLock);
 		
 		if (!idleConnections.empty()) {
 			Connection connection = idleConnections.back();

data/ext/common/ApplicationPool2/Spawner.h

@@ -143,7 +143,7 @@ protected:
 					}
 				} else {
 					{
-						lock_guard<boost::mutex> l(dataSyncher);
+						boost::lock_guard<boost::mutex> l(dataSyncher);
 						data.append(buf, ret);
 					}
 					UPDATE_TRACE_POINT();
@@ -200,13 +200,13 @@ protected:
 			thr->interrupt_and_join();
 			delete thr;
 			thr = NULL;
-			lock_guard<boost::mutex> l(dataSyncher);
+			boost::lock_guard<boost::mutex> l(dataSyncher);
 			return data;
 		}
 
 		void appendToBuffer(const StaticString &dataToAdd) {
 			TRACE_POINT();
-			lock_guard<boost::mutex> l(dataSyncher);
+			boost::lock_guard<boost::mutex> l(dataSyncher);
 			data.append(dataToAdd.data(), dataToAdd.size());
 		}
 	};
@@ -222,19 +222,18 @@ protected:
 		string path;
 
 		DebugDir(uid_t uid, gid_t gid) {
-			path = "/tmp/passenger.spawn-debug.";
-			path.append(toString(getpid()));
-			path.append("-");
-			path.append(pointerToIntString(this));
-
-			if (syscalls::mkdir(path.c_str(), 0700) == -1) {
+			char buf[PATH_MAX] = "/tmp/passenger.spawn-debug.XXXXXXXXXX";
+			const char *result = mkdtemp(buf);
+			if (result == NULL) {
 				int e = errno;
-				throw FileSystemException("Cannot create directory '" +
-					path + "'", e, path);
+				throw SystemException("Cannot create a temporary directory "
+					"in the format of '/tmp/passenger-spawn-debug.XXX'", e);
+			} else {
+				path = result;
+				this_thread::disable_interruption di;
+				this_thread::disable_syscall_interruption dsi;
+				syscalls::chown(result, uid, gid);
 			}
-			this_thread::disable_interruption di;
-			this_thread::disable_syscall_interruption dsi;
-			syscalls::chown(path.c_str(), uid, gid);
 		}
 
 		~DebugDir() {
@@ -391,7 +390,7 @@ private:
 
 			vector<string> args;
 			vector<string>::const_iterator it, end;
-			details.options->toVector(args, resourceLocator);
+			details.options->toVector(args, resourceLocator, Options::SPAWN_OPTIONS);
 			for (it = args.begin(); it != args.end(); it++) {
 				const string &key = *it;
 				it++;
@@ -740,7 +739,7 @@ protected:
 			}
 		}
 	}
-	
+
 	SpawnPreparationInfo prepareSpawn(const Options &options) const {
 		TRACE_POINT();
 		SpawnPreparationInfo info;
@@ -925,6 +924,15 @@ protected:
 
 		assert(info.appRootPathsInsideChroot.back() == info.appRootInsideChroot);
 	}
+
+	bool shouldLoadShellEnvvars(const Options &options, const SpawnPreparationInfo &preparation) const {
+		if (options.loadShellEnvvars) {
+			string shellName = extractBaseName(preparation.shell);
+			return shellName == "bash" || shellName == "zsh" || shellName == "ksh";
+		} else {
+			return false;
+		}
+	}
 	
 	string serializeEnvvarsFromPoolOptions(const Options &options) const {
 		vector< pair<StaticString, StaticString> >::const_iterator it, end;

data/ext/common/ApplicationPool2/SpawnerFactory.h

@@ -108,7 +108,7 @@ public:
 	 * set debugging options on the spawner.
 	 */
 	DummySpawnerPtr getDummySpawner() {
-		lock_guard<boost::mutex> l(syncher);
+		boost::lock_guard<boost::mutex> l(syncher);
 		if (dummySpawner == NULL) {
 			dummySpawner = make_shared<DummySpawner>(resourceLocator, config);
 		}
@@ -121,6 +121,14 @@ public:
 	SpawnerConfigPtr getConfig() const {
 		return config;
 	}
+
+	RandomGeneratorPtr getRandomGenerator() const {
+		return randomGenerator;
+	}
+
+	const ResourceLocator &getResourceLocator() const {
+		return resourceLocator;
+	}
 };
 
 typedef shared_ptr<SpawnerFactory> SpawnerFactoryPtr;

data/ext/common/ApplicationPool2/SuperGroup.h

@@ -251,7 +251,7 @@ private:
 		// This function is either called from the pool event loop or directly from
 		// the detachAllGroups post lock actions. In both cases getPool() is never NULL.
 		PoolPtr pool = self->getPool();
-		lock_guard<boost::mutex> lock(self->getPoolSyncher(pool));
+		boost::lock_guard<boost::mutex> lock(self->getPoolSyncher(pool));
 
 		vector<GroupPtr>::iterator it, end = self->detachedGroups.end();
 		for (it = self->detachedGroups.begin(); it != end; it++) {

data/ext/common/Constants.h

@@ -70,7 +70,7 @@
 
 	#define PROCESS_SHUTDOWN_TIMEOUT_DISPLAY "1 minute"
 
-	#define PASSENGER_VERSION "4.0.5"
+	#define PASSENGER_VERSION "4.0.6"
 
 	#define SERVER_INSTANCE_DIR_STRUCTURE_MAJOR_VERSION 1
 

data/ext/common/Logging.cpp

@@ -28,6 +28,7 @@
 #include <unistd.h>
 #include <Logging.h>
 #include <Utils/StrIntUtils.h>
+#include <Utils/IOUtils.h>
 
 namespace Passenger {
 
@@ -87,13 +88,17 @@ _prepareLogEntry(std::stringstream &sstream, const char *file, unsigned int line
 
 void
 _writeLogEntry(const std::string &str) {
-	size_t written = 0;
-	do {
-		ssize_t ret = write(_logOutput, str.data() + written, str.size() - written);
-		if (ret != -1) {
-			written += ret;
-		}
-	} while (written < str.size());
+	try {
+		writeExact(_logOutput, str.data(), str.size());
+	} catch (const SystemException &) {
+		/* The most likely reason why this fails is when the user has setup
+		 * Apache to log to a pipe (e.g. to a log rotation script). Upon
+		 * restarting the web server, the process that reads from the pipe
+		 * shuts down, so we can't write to it anymore. That's why we
+		 * just ignore write errors. It doesn't make sense to abort for
+		 * something like this.
+		 */
+	}
 }
 
 } // namespace Passenger

data/ext/common/MessageServer.h

@@ -127,7 +127,7 @@ using namespace oxt;
  *       };
  *       
  *       MessageServer::ClientContextPtr newClient(MessageServer::CommonClientContext &commonContext) {
- *           return MessageServer::ClientContextPtr(new MyContext());
+ *           return make_shared<MyContext>();
  *       }
  *       
  *       bool processMessage(MessageServer::CommonClientContext &commonContext,
@@ -157,13 +157,7 @@ using namespace oxt;
  */
 class MessageServer {
 public:
-	static const unsigned int CLIENT_THREAD_STACK_SIZE =
-		#ifdef __FreeBSD__
-			// localtime() on FreeBSD needs some more stack space.
-			1024 * 96;
-		#else
-			1024 * 64;
-		#endif
+	static const unsigned int CLIENT_THREAD_STACK_SIZE = 1024 * 128;
 	
 	/** Interface for client context objects. */
 	class ClientContext {
@@ -186,9 +180,10 @@ public:
 		AccountPtr account;
 		
 		
-		CommonClientContext(FileDescriptor &theFd, AccountPtr &theAccount)
-			: fd(theFd), account(theAccount)
-		{ }
+		CommonClientContext(FileDescriptor &_fd, AccountPtr &_account)
+			: fd(_fd),
+			  account(_account)
+			{ }
 		
 		/** Returns a string representation for this client context. */
 		string name() {
@@ -196,7 +191,7 @@ public:
 		}
 		
 		/**
-		 * Checks whether this client has all of the rights in <tt>rights</tt>. The
+		 * Checks whether this client has all of the rights in `rights`. The
 		 * client will be notified about the result of this check, by sending it a
 		 * message.
 		 *

data/ext/common/MultiLibeio.cpp

@@ -1,6 +1,6 @@
 /*
  *  Phusion Passenger - https://www.phusionpassenger.com/
- *  Copyright (c) 2011 Phusion
+ *  Copyright (c) 2011-2013 Phusion
  *
  *  "Phusion Passenger" is a trademark of Hongli Lai & Ninh Bui.
  *
@@ -89,7 +89,7 @@ threadMain() {
 
 static void
 wantPoll() {
-	lock_guard<boost::mutex> l(syncher);
+	boost::lock_guard<boost::mutex> l(syncher);
 	shouldPoll = true;
 	cond.notify_one();
 }
@@ -97,7 +97,7 @@ wantPoll() {
 static int
 dispatch(eio_req *req) {
 	auto_ptr<Data> data((Data *) req->data);
-	assert(data->libev != NULL); // Check for strange bug.
+	assert(data->libev != NULL);
 	data->libev->runLater(boost::bind(data->callback, *req));
 	return 0;
 }
@@ -113,13 +113,13 @@ executeWrapper(eio_req *req) {
 
 	static void
 	lockedPread(int fd, void *buf, size_t length, off_t offset, eio_req *req) {
-		lock_guard<boost::mutex> l(preadWriteLock);
+		boost::lock_guard<boost::mutex> l(preadWriteLock);
 		req->result = pread(fd, buf, length, offset);
 	}
 
 	static void
 	lockedPwrite(int fd, void *buf, size_t length, off_t offset, eio_req *req) {
-		lock_guard<boost::mutex> l(preadWriteLock);
+		boost::lock_guard<boost::mutex> l(preadWriteLock);
 		req->result = pwrite(fd, buf, length, offset);
 	}
 #endif

data/ext/common/ResourceLocator.h

@@ -70,11 +70,11 @@ public:
 			helperScriptsDir    = getOption(file, options, "helper_scripts");
 			resourcesDir        = getOption(file, options, "resources");
 			docDir              = getOption(file, options, "doc");
-			rubyLibDir          = getOption(file, options, "rubylib");
+			rubyLibDir          = getOption(file, options, "rubylibdir");
 		} else {
 			string root = rootOrFile;
 			binDir              = root + "/bin";
-			agentsDir           = root + "/agents";
+			agentsDir           = root + "/buildout/agents";
 			helperScriptsDir    = root + "/helper-scripts";
 			resourcesDir        = root + "/resources";
 			docDir              = root + "/doc";
@@ -94,10 +94,6 @@ public:
 		return helperScriptsDir;
 	}
 	
-	string getSpawnServerFilename() const {
-		return getHelperScriptsDir() + "/passenger-spawn-server";
-	}
-	
 	string getResourcesDir() const {
 		return resourcesDir;
 	}

data/ext/common/ServerInstanceDir.h

@@ -30,6 +30,7 @@
 #include <oxt/backtrace.hpp>
 
 #include <sys/types.h>
+#include <sys/stat.h>
 #include <dirent.h>
 #include <unistd.h>
 #include <pwd.h>
@@ -92,7 +93,7 @@ public:
 			 * anybody except the owner. The individual files and subdirectories
 			 * decide for themselves whether they're readable by anybody.
 			 */
-			makeDirTree(path, "u=rwxs,g=x,o=x");
+			makeDirTree(path, "u=rwx,g=x,o=x");
 			
 			/* Write structure version file. */
 			string structureVersionFile = path + "/structure_version.txt";
@@ -107,10 +108,10 @@ public:
 			 * directory.
 			 */
 			if (runningAsRoot) {
-				makeDirTree(path + "/buffered_uploads", "u=rwxs,g=,o=",
+				makeDirTree(path + "/buffered_uploads", "u=rwx,g=,o=",
 					webServerWorkerUid, webServerWorkerGid);
 			} else {
-				makeDirTree(path + "/buffered_uploads", "u=rwxs,g=,o=");
+				makeDirTree(path + "/buffered_uploads", "u=rwx,g=,o=");
 			}
 			
 			/* The web server must be able to directly connect to a backend. */
@@ -121,7 +122,7 @@ public:
 					 * However we don't want everybody to be able to know the
 					 * sockets' filenames, so the directory is not readable.
 					 */
-					makeDirTree(path + "/backends", "u=rwxs,g=wx,o=wx");
+					makeDirTree(path + "/backends", "u=rwx,g=wx,o=wx,+t");
 				} else {
 					/* All backend processes are running as defaultUser/defaultGroup,
 					 * so make defaultUser/defaultGroup the owner and group of the
@@ -131,13 +132,13 @@ public:
 					 * nobody should be able to know the sockets' filenames without
 					 * having access to the application pool.
 					 */
-					makeDirTree(path + "/backends", "u=rwxs,g=x,o=x", defaultUid, defaultGid);
+					makeDirTree(path + "/backends", "u=rwx,g=x,o=x", defaultUid, defaultGid);
 				}
 			} else {
 				/* All backend processes are running as the same user as the web server,
 				 * so only allow access for this user.
 				 */
-				makeDirTree(path + "/backends", "u=rwxs,g=,o=");
+				makeDirTree(path + "/backends", "u=rwx,g=,o=");
 			}
 			
 			/* The helper server (containing the application pool) must be able to access
@@ -148,16 +149,16 @@ public:
 					/* Both the helper server and the spawn server are
 					 * running as root.
 					 */
-					makeDirTree(path + "/spawn-server", "u=rwxs,g=,o=");
+					makeDirTree(path + "/spawn-server", "u=rwx,g=,o=");
 				} else {
 					/* Both the helper server and the spawn server are
 					 * running as defaultUser/defaultGroup.
 					 */
-					makeDirTree(path + "/spawn-server", "u=rwxs,g=,o=",
+					makeDirTree(path + "/spawn-server", "u=rwx,g=,o=",
 						defaultUid, defaultGid);
 				}
 			} else {
-				makeDirTree(path + "/spawn-server", "u=rwxs,g=,o=");
+				makeDirTree(path + "/spawn-server", "u=rwx,g=,o=");
 			}
 			
 			owner = true;
@@ -214,7 +215,33 @@ private:
 		 * rights though, because we want admin tools to be able to list the available
 		 * generations no matter what user they're running as.
 		 */
-		makeDirTree(path, "u=rwxs,g=rx,o=rx");
+		if (owner) {
+			switch (getFileType(path)) {
+			case FT_NONEXISTANT:
+				createDirectory(path);
+				break;
+			case FT_DIRECTORY:
+				removeDirTree(path);
+				createDirectory(path);
+				break;
+			default:
+				throw RuntimeException("'" + path + "' already exists, and is not a directory");
+			}
+		} else if (getFileType(path) != FT_DIRECTORY) {
+			throw RuntimeException("Server instance directory '" + path +
+				"' does not exist");
+		}
+	}
+
+	void createDirectory(const string &path) const {
+		// We do not use makeDirTree() here. If an attacker creates a directory
+		// just before we do, then we want to abort because we want the directory
+		// to have specific permissions.
+		if (mkdir(path.c_str(), parseModeString("u=rwx,g=rx,o=rx")) == -1) {
+			int e = errno;
+			throw FileSystemException("Cannot create server instance directory '" +
+				path + "'", e, path);
+		}
 	}
 	
 	bool isDirectory(const string &dir, struct dirent *entry) const {