FreeBSD Bugzilla – Attachment 97365 Details for
Bug 136091
[PATCH] www/apache22 - suexec resource limits patch
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
apache22.patch
apache22.patch (text/plain), 2.26 KB, created by
Alexey Degtyarev
on 2009-06-27 15:40:01 UTC
(
hide
)
Description:
apache22.patch
Filename:
MIME Type:
Creator:
Alexey Degtyarev
Created:
2009-06-27 15:40:01 UTC
Size:
2.26 KB
patch
obsolete
>diff -u -Nr apache22.orig/Makefile apache22/Makefile >--- apache22.orig/Makefile 2009-06-18 19:40:42.000000000 +0400 >+++ apache22/Makefile 2009-06-27 17:19:08.000000000 +0400 >@@ -9,7 +9,7 @@ > > PORTNAME= apache > PORTVERSION= 2.2.11 >-PORTREVISION?= 7 >+PORTREVISION?= 8 > CATEGORIES= www > MASTER_SITES= ${MASTER_SITE_APACHE_HTTPD} > DISTNAME= httpd-${PORTVERSION} >diff -u -Nr apache22.orig/files/patch-suexec_rsrclimit apache22/files/patch-suexec_rsrclimit >--- apache22.orig/files/patch-suexec_rsrclimit 1970-01-01 03:00:00.000000000 +0300 >+++ apache22/files/patch-suexec_rsrclimit 2009-06-27 17:08:57.000000000 +0400 >@@ -0,0 +1,49 @@ >+# http://www.chrishardie.com/tech/apache/suexec_rsrclimit.html >+--- support/suexec.c.orig Wed Jul 12 07:38:44 2006 >++++ support/suexec.c Wed Nov 15 23:58:04 2006 >+@@ -37,6 +37,7 @@ >+ #include <sys/param.h> >+ #include <sys/stat.h> >+ #include <sys/types.h> >++#include <login_cap.h> >+ #include <string.h> >+ #include <time.h> >+ #if APR_HAVE_UNISTD_H >+@@ -259,6 +260,7 @@ >+ char *cmd; /* command to be executed */ >+ char cwd[AP_MAXPATH]; /* current working directory */ >+ char dwd[AP_MAXPATH]; /* docroot working directory */ >++ login_cap_t *lc; /* user resource limits */ >+ struct passwd *pw; /* password entry holder */ >+ struct group *gr; /* group entry holder */ >+ struct stat dir_info; /* directory info holder */ >+@@ -463,6 +465,18 @@ >+ log_err("cannot run as forbidden gid (%d/%s)\n", gid, cmd); >+ exit(108); >+ } >++ >++ /* >++ * Apply user resource limits based on login class. >++ */ >++ if ((lc = login_getclassbyname(pw->pw_class, pw)) == NULL) { >++ log_err("failed to login_getclassbyname()\n"); >++ exit(109); >++ } >++ if ((setusercontext(lc, pw, uid, LOGIN_SETRESOURCES)) != 0) { >++ log_err("failed to setusercontext()\n"); >++ exit(109); >++ } >+ >+ /* >+ * Change UID/GID here so that the following tests work over NFS. >+--- support/Makefile.in.orig Thu Nov 16 02:20:47 2006 >++++ support/Makefile.in Thu Nov 16 02:11:29 2006 >+@@ -65,7 +65,7 @@ >+ >+ suexec_OBJECTS = suexec.lo >+ suexec: $(suexec_OBJECTS) >+- $(LINK) $(suexec_OBJECTS) >++ $(LINK) -lutil $(suexec_OBJECTS) >+ >+ htcacheclean_OBJECTS = htcacheclean.lo >+ htcacheclean: $(htcacheclean_OBJECTS)
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=97365">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 136091
: 97365 |
97366