Attachment 125184 Details for Bug 168769 – patch-www-apache-suexec_userdir.txt

[patch] patch-www-apache-suexec_userdir.txt

patch-www-apache-suexec_userdir.txt (text/plain), 3.41 KB, created by Bryan Drewery on 2012-06-06 22:00:24 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Bryan Drewery

Created: 2012-06-06 22:00:24 UTC

Size: 3.41 KB

patch

obsolete

>diff -Nur ../apache22.orig/Makefile ./Makefile
>--- ../apache22.orig/Makefile	2012-02-14 06:44:22.000000000 -0600
>+++ ./Makefile	2012-06-06 15:50:07.000000000 -0500
>@@ -125,6 +125,14 @@
> 
> .include "${APACHEDIR}/Makefile.modules"
> 
>+.if defined(WITH_SUEXEC_USERDIR)
>+EXTRA_PATCHES+= ${FILESDIR}/extra-patch-suexec_userdir
>+.if !defined(WITH_SUEXEC)
>+IGNORE=         suEXEC UserDir patch requires mod_suexec.\
>+		Please (re)run 'make config' and choose SUEXEC option also
>+.endif
>+.endif
>+
> .if (defined(WITH_SSL)|| !defined(WITHOUT_SSL_MODULES))
> .include "${PORTSDIR}/Mk/bsd.openssl.mk"
> CFLAGS+=	-I${OPENSSLINC}
>diff -Nur ../apache22.orig/Makefile.options ./Makefile.options
>--- ../apache22.orig/Makefile.options	2012-02-07 22:35:31.000000000 -0600
>+++ ./Makefile.options	2012-06-06 15:31:04.000000000 -0500
>@@ -73,6 +73,7 @@
> 	 SSL "Enable mod_ssl" ON \
> 	 SUEXEC "Enable mod_suexec" OFF \
> 	 SUEXEC_RSRCLIMIT "SuEXEC rlimits based on login class" OFF \
>+	 SUEXEC_USERDIR "SuEXEC UserDir support" OFF \
> 	 REQTIMEOUT "Enable mod_reqtimeout" ON \
> 	 CGID "Enable mod_cgid" OFF \
> 
>diff -Nur ../apache22.orig/files/extra-patch-suexec_userdir ./files/extra-patch-suexec_userdir
>--- ../apache22.orig/files/extra-patch-suexec_userdir	1969-12-31 18:00:00.000000000 -0600
>+++ ./files/extra-patch-suexec_userdir	2012-05-06 20:01:16.000000000 -0500
>@@ -0,0 +1,55 @@
>+--- modules/generators/mod_suexec.c.orig	2006-07-11 22:38:44.000000000 -0500
>++++ modules/generators/mod_suexec.c	2010-02-05 23:22:23.000000000 -0600
>+@@ -57,10 +57,11 @@
>+ }
>+ 
>+ static const char *set_suexec_ugid(cmd_parms *cmd, void *mconfig,
>+-                                   const char *uid, const char *gid)
>++                                   const char *uid, const char *gid,
>++                                   int userdir)
>+ {
>+     suexec_config_t *cfg = (suexec_config_t *) mconfig;
>+-    const char *err = ap_check_cmd_context(cmd, NOT_IN_DIR_LOC_FILE|NOT_IN_LIMIT);
>++    const char *err = ap_check_cmd_context(cmd, NOT_IN_LOCATION|NOT_IN_FILES|NOT_IN_LIMIT);
>+ 
>+     if (err != NULL) {
>+         return err;
>+@@ -68,7 +69,7 @@
>+     if (unixd_config.suexec_enabled) {
>+         cfg->ugid.uid = ap_uname2id(uid);
>+         cfg->ugid.gid = ap_gname2id(gid);
>+-        cfg->ugid.userdir = 0;
>++        cfg->ugid.userdir = userdir;
>+         cfg->active = 1;
>+     }
>+     else {
>+@@ -78,6 +79,18 @@
>+     return NULL;
>+ }
>+ 
>++static const char *set_suexec_ugid_nouserdir(cmd_parms *cmd, void *mconfig,
>++                                             const char *uid, const char *gid)
>++{
>++    return set_suexec_ugid(cmd, mconfig, uid, gid, 0);
>++}
>++
>++static const char *set_suexec_ugid_userdir(cmd_parms *cmd, void *mconfig,
>++                                           const char *uid, const char *gid)
>++{
>++    return set_suexec_ugid(cmd, mconfig, uid, gid, 1);
>++}
>++
>+ static ap_unix_identity_t *get_suexec_id_doer(const request_rec *r)
>+ {
>+     suexec_config_t *cfg =
>+@@ -115,7 +128,9 @@
>+ {
>+     /* XXX - Another important reason not to allow this in .htaccess is that
>+      * the ap_[ug]name2id() is not thread-safe */
>+-    AP_INIT_TAKE2("SuexecUserGroup", set_suexec_ugid, NULL, RSRC_CONF,
>++    AP_INIT_TAKE2("SuexecUserGroup", set_suexec_ugid_nouserdir, NULL, RSRC_CONF|ACCESS_CONF,
>++      "User and group for spawned processes"),
>++    AP_INIT_TAKE2("SuexecUserdir", set_suexec_ugid_userdir, NULL, RSRC_CONF|ACCESS_CONF,
>+       "User and group for spawned processes"),
>+     { NULL }
>+ };

Actions: View | Diff

Attachments on bug 168769: 125184