Bug 63140

Summary: pid file may get corrupted and prevent httpd from starting
Product: Apache httpd-2 Reporter: Nicolas Carrier <carrier.nicolas0>
Component: CoreAssignee: Apache HTTPD Bugs Mailing List <bugs>
Status: RESOLVED FIXED    
Severity: normal CC: carrier.nicolas0
Priority: P2 Keywords: PatchAvailable
Version: 2.5-HEAD   
Target Milestone: ---   
Hardware: PC   
OS: Linux   
Attachments: Avoids pid file creation race condition by using a temporary file.

Description Nicolas Carrier 2019-02-04 10:59:23 UTC 
If a power outage occurs at the wrong moment, subsequent attempts to start httpd may fail with the following error:
```
Error retrieving pid file ...
Remove it before continuing if it is corrupted.
```

The way pid files are created in apache is racy. The file is created, then it's content is written to it. If a power outage happens between the two steps, the pid file may stay empty.

A temporary file should be created instead and renamed after it has been written to and flushed.
Comment 1 Nicolas Carrier 2019-02-04 11:00:58 UTC 
Created attachment 36417 [details]
Avoids pid file creation race condition by using a temporary file.

The original pattern for creating the pid file was:
open_create(pid_file)
write(pid_file, pid)
close(pid_file)

But if a power outage occurs between open_create and write, the file will
be empty and httpd will refuse to start afterwards unless the corrupt pid
file is removed.

This patch uses the pattern:
open_create(temp_pid_file)
write(temp_pid_file)
close(temp_pid_file)
rename(temp_pid_file, pid_file)
which is guaranteed to be atomic, provided that temp_pid_file and pid_file
are located in the same file system, which this patch does by creating
a temporary file name with the pattern:
    pid_file_name + random_suffix
Comment 2 Nicolas Carrier 2019-05-22 14:58:57 UTC 
There has been no progress with this issue for more than 3 month.

Is this issue invalid somehow?
Is the patch not acceptable?
Comment 3 Giovanni Bechis 2020-02-22 00:07:25 UTC 
The pid file is not created in a temporary directory but in the current directory. If the directory in which the pid file will be created is on a different filesystem than the current directory the rename call will fail.

[Sat Feb 22 00:01:33.948798 2020] [core:error] [pid 38525:tid 139718597842752] (18)Invalid cross-device link: AH00102: could not rename file httpd.pid.rK6Vaj to /usr/local/apache2/logs/httpd.pid
Comment 4 Joe Orton 2020-03-12 11:58:21 UTC 
I extended Nicolas' patch here 

https://github.com/apache/httpd/pull/100/commits/b5eb2611ea209147476868c8a09e288a132b8a13

to create the temp file in the same directory as the pidfile and add error checking, will merge if Travis is happy.
Comment 5 Joe Orton 2020-03-13 14:36:36 UTC 
Done in r1875153, thanks for the patch Nicolas.

(Made me think about a few further changes, should the pidfile be 0440 not 0660? The rename is not as good as opening the file O_EXCL... but maybe best we can do)