[pkg-lighttpd] Bug#535523: lighttpd.logrotate: do not start lighttpd (through "reload") if it is not running currently

[Daniel Hahler]

Package: lighttpd
Version: 1.4.22-1
Severity: important
Tags: patch
User: ubuntu-devel at lists.ubuntu.com
Usertags: origin-ubuntu karmic ubuntu-patch

>From https://launchpad.net/bugs/393792:
"""
The logrotate script of lighttpd does a lighttpd reload, which is what it should do, but if I stop the lighttpd daemon manually I certainly do NOT want it to be started again by the log rotation. reload should NOT start a daemon if it is not running IMO.

restart -> stop and start
reload -> reload config (for some this is also stop/start, but it should only be executed if the daemon was running before.)

This is a security issue, because if someone does not know that and intentionally stops the server for some reason and wants to leave it that way eg. for testing or so, the server gets started and may run with faulty software. (happened to me)
"""

Please note that e.g. "apache2ctl graceful" will start apache, if it is not running, too.
However, the PID file gets removed when stopping and therefore Apache's logrotate script (which includes the same "is the pidfile there" check), won't start Apache, if it is not running currently.

I could not find any information about if "reload" should start a service; the most sane fix for this problem appears to add the check in the logrotate script.

*** /tmp/tmpOYo0z1
In Ubuntu, we've applied the attached patch to achieve the following:

  * debian/lighttpd.logrotate: check if lighttpd is running, before
    calling reload, which would start the daemon if it is not running
    currently (LP: #393792)

We thought you might be interested in doing the same. 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: tmpRmFAXQ
Type: text/x-diff
Size: 565 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-lighttpd-maintainers/attachments/20090703/7e521713/attachment.diff>