[rt-users] 5-10 seconds for each request? (Re: FastCGI)

Bob Goldstein bobg at uic.edu
Mon Nov 17 13:57:56 EST 2003


>Hi,
>
>michael.firestone wrote:
>
>> Yes, I know.  It completely circumvents the idea of taint checking.  But 
>> it fixed the problem :)
>
>Thanks, that was a possible fix. Although I don't quite like it, to be 
>honest. Is there no "clean" way to fix this? Why doesn't this problem 
>break the mod_perl variant?
>

   Because with mod_perl, you don't run an external process,
   you load the perl code right into apache, so there is
   no sgid involved, and no taint checking.  The RT code
   runs intrinsically with the gid (and uid) of the apache
   process, not a whole lot different from my solution
   of having the apache gid be the same as fcgi.

   Here's an idea, but I haven't checked the details.  I'm using
   apache to _launch_ the fastcgi process, so obviously the
   apache uid/gid needs adequate privs.  But instead, you
   can launch the fastcgi by hand (or by cron) separately.
   That may fix your priv problem provided the launching process
   has group 'rt', different from apache.  But it means you
   need a separate way to ensure the fastcgi process stays
   up, since apache can't re-launch it.  In fact, I think apache
   and fastcgi can be on different machines if that's useful.

      bobg



More information about the rt-users mailing list