From d9d5fea585b23991f76532a9b07de7fcd3b649f4 Mon Sep 17 00:00:00 2001

From: Graham Dumpleton <Graham.Dumpleton@gmail.com>

Date: Wed, 21 May 2014 16:16:47 +1000

Subject: [PATCH] Local privilege escalation when using daemon mode.

 (CVE-2014-0240)

---

 mod_wsgi.c | 13 +++++++++++++

 1 file changed, 13 insertions(+)

diff --git a/mod_wsgi.c b/mod_wsgi.c

index 32b2903..3ef911b 100644

--- a/mod_wsgi.c

+++ b/mod_wsgi.c

@@ -10756,6 +10756,19 @@ static void wsgi_setup_access(WSGIDaemonProcess *daemon)

         ap_log_error(APLOG_MARK, WSGI_LOG_ALERT(errno), wsgi_server,

                      "mod_wsgi (pid=%d): Unable to change to uid=%ld.",

                      getpid(), (long)daemon->group->uid);

+

+        /*

+         * On true UNIX systems this should always succeed at

+         * this point. With certain Linux kernel versions though

+         * we can get back EAGAIN where the target user had

+         * reached their process limit. In that case will be left

+         * running as wrong user. Just exit on all failures to be

+         * safe. Don't die immediately to avoid a fork bomb.

+         */

+

+        sleep(20);

+

+        exit(-1);

     }

 #if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)

-- 

2.0.3