[rt-users] 5-10 seconds for each request? (Re: FastCGI)
Bob Goldstein
bobg at uic.edu
Mon Nov 17 13:57:56 EST 2003
>Hi,
>
>michael.firestone wrote:
>
>> Yes, I know. It completely circumvents the idea of taint checking. But
>> it fixed the problem :)
>
>Thanks, that was a possible fix. Although I don't quite like it, to be
>honest. Is there no "clean" way to fix this? Why doesn't this problem
>break the mod_perl variant?
>
Because with mod_perl, you don't run an external process,
you load the perl code right into apache, so there is
no sgid involved, and no taint checking. The RT code
runs intrinsically with the gid (and uid) of the apache
process, not a whole lot different from my solution
of having the apache gid be the same as fcgi.
Here's an idea, but I haven't checked the details. I'm using
apache to _launch_ the fastcgi process, so obviously the
apache uid/gid needs adequate privs. But instead, you
can launch the fastcgi by hand (or by cron) separately.
That may fix your priv problem provided the launching process
has group 'rt', different from apache. But it means you
need a separate way to ensure the fastcgi process stays
up, since apache can't re-launch it. In fact, I think apache
and fastcgi can be on different machines if that's useful.
bobg
More information about the rt-users
mailing list