Attachment #97365 for bug #136091

Lines 9-15 Link Here

(-)apache22/Makefile (-1 / +1 lines)
9		9
10	PORTNAME= apache	10	PORTNAME= apache
11	PORTVERSION= 2.2.11	11	PORTVERSION= 2.2.11
12	PORTREVISION?= 7	12	PORTREVISION?= 8
13	CATEGORIES= www	13	CATEGORIES= www
14	MASTER_SITES= ${MASTER_SITE_APACHE_HTTPD}	14	MASTER_SITES= ${MASTER_SITE_APACHE_HTTPD}
15	DISTNAME= httpd-${PORTVERSION}	15	DISTNAME= httpd-${PORTVERSION}




# http://www.chrishardie.com/tech/apache/suexec_rsrclimit.html
--- support/suexec.c.orig	Wed Jul 12 07:38:44 2006
+++ support/suexec.c		Wed Nov 15 23:58:04 2006
@@ -37,6 +37,7 @@
 #include <sys/param.h>
 #include <sys/stat.h>
 #include <sys/types.h>
+#include <login_cap.h>
 #include <string.h>
 #include <time.h>
 #if APR_HAVE_UNISTD_H
@@ -259,6 +260,7 @@
     char *cmd;              /* command to be executed    */
     char cwd[AP_MAXPATH];   /* current working directory */
     char dwd[AP_MAXPATH];   /* docroot working directory */
+    login_cap_t *lc;        /* user resource limits      */
     struct passwd *pw;      /* password entry holder     */
     struct group *gr;       /* group entry holder        */
     struct stat dir_info;   /* directory info holder     */
@@ -463,6 +465,18 @@
         log_err("cannot run as forbidden gid (%d/%s)\n", gid, cmd);
         exit(108);
     }
+
+    /*
+     * Apply user resource limits based on login class.
+     */
+    if ((lc = login_getclassbyname(pw->pw_class, pw)) == NULL) {
+		log_err("failed to login_getclassbyname()\n");
+		exit(109);
+	}
+	if ((setusercontext(lc, pw, uid, LOGIN_SETRESOURCES)) != 0) {
+		log_err("failed to setusercontext()\n");
+		exit(109);
+	}
 
     /*
      * Change UID/GID here so that the following tests work over NFS.
--- support/Makefile.in.orig	Thu Nov 16 02:20:47 2006
+++ support/Makefile.in	Thu Nov 16 02:11:29 2006
@@ -65,7 +65,7 @@
 
 suexec_OBJECTS = suexec.lo
 suexec: $(suexec_OBJECTS)
-	$(LINK) $(suexec_OBJECTS)
+	$(LINK) -lutil $(suexec_OBJECTS)
 
 htcacheclean_OBJECTS = htcacheclean.lo
 htcacheclean: $(htcacheclean_OBJECTS)

Return to bug 136091

Line 0 Link Here

(-)apache22/files/patch-suexec_rsrclimit (+49 lines)
	1	# http://www.chrishardie.com/tech/apache/suexec_rsrclimit.html
	2	--- support/suexec.c.orig Wed Jul 12 07:38:44 2006
	3	+++ support/suexec.c Wed Nov 15 23:58:04 2006
	4	@@ -37,6 +37,7 @@
	5	#include <sys/param.h>
	6	#include <sys/stat.h>
	7	#include <sys/types.h>
	8	+#include <login_cap.h>
	9	#include <string.h>
	10	#include <time.h>
	11	#if APR_HAVE_UNISTD_H
	12	@@ -259,6 +260,7 @@
	13	char cmd; / command to be executed */
	14	char cwd[AP_MAXPATH]; /* current working directory */
	15	char dwd[AP_MAXPATH]; /* docroot working directory */
	16	+ login_cap_t lc; / user resource limits */
	17	struct passwd pw; / password entry holder */
	18	struct group gr; / group entry holder */
	19	struct stat dir_info; /* directory info holder */
	20	@@ -463,6 +465,18 @@
	21	log_err("cannot run as forbidden gid (%d/%s)\n", gid, cmd);
	22	exit(108);
	23	}
	24	+
	25	+ /*
	26	+ * Apply user resource limits based on login class.
	27	+ */
	28	+ if ((lc = login_getclassbyname(pw->pw_class, pw)) == NULL) {
	29	+ log_err("failed to login_getclassbyname()\n");
	30	+ exit(109);
	31	+ }
	32	+ if ((setusercontext(lc, pw, uid, LOGIN_SETRESOURCES)) != 0) {
	33	+ log_err("failed to setusercontext()\n");
	34	+ exit(109);
	35	+ }
	36
	37	/*
	38	* Change UID/GID here so that the following tests work over NFS.
	39	--- support/Makefile.in.orig Thu Nov 16 02:20:47 2006
	40	+++ support/Makefile.in Thu Nov 16 02:11:29 2006
	41	@@ -65,7 +65,7 @@
	42
	43	suexec_OBJECTS = suexec.lo
	44	suexec: $(suexec_OBJECTS)
	45	- $(LINK) $(suexec_OBJECTS)
	46	+ $(LINK) -lutil $(suexec_OBJECTS)
	47
	48	htcacheclean_OBJECTS = htcacheclean.lo
	49	htcacheclean: $(htcacheclean_OBJECTS)