FreeBSD Bugzilla – Attachment 97366 Details for
Bug 136091
[PATCH] www/apache22 - suexec resource limits patch
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
apache22.patch
apache22.patch (text/x-diff; charset=us-ascii), 3.18 KB, created by
Alexey Degtyarev
on 2009-07-07 19:03:36 UTC
(
hide
)
Description:
apache22.patch
Filename:
MIME Type:
Creator:
Alexey Degtyarev
Created:
2009-07-07 19:03:36 UTC
Size:
3.18 KB
patch
obsolete
>diff -u -N -r apache22.orig/Makefile apache22/Makefile >--- apache22.orig/Makefile 2009-06-18 19:40:42.000000000 +0400 >+++ apache22/Makefile 2009-07-07 21:24:54.000000000 +0400 >@@ -126,7 +126,7 @@ > > .if defined(WITH_APR_FROM_PORTS) > PLIST_SUB+= APR_PORTS="@comment " >-APR_PORT?= devel/apr >+APR_PORT?= devel/apr > LIB_DEPENDS+= apr-1:${PORTSDIR}/${APR_PORT} > CONFIGURE_ARGS+= --with-apr=${LOCALBASE}/bin/apr-1-config \ > --with-apr-util=${LOCALBASE}/bin/apu-1-config >@@ -169,6 +169,14 @@ > . endif > .endif > >+.if defined(WITH_SUEXEC_RSRCLIMIT) >+EXTRA_PATCHES+= ${FILESDIR}/extra-patch-suexec_rsrclimit >+.if !defined(WITH_SUEXEC) >+IGNORE= suEXEC resource limit patch requires mod_suexec.\ >+ Please (re)run 'make config' and choose SUEXEC option also >+.endif >+.endif >+ > CONFIGURE_ARGS+= --with-mpm=${WITH_MPM:L} > > pre-everything:: >diff -u -N -r apache22.orig/Makefile.options apache22/Makefile.options >--- apache22.orig/Makefile.options 2009-06-12 16:35:33.000000000 +0400 >+++ apache22/Makefile.options 2009-07-07 21:22:40.000000000 +0400 >@@ -71,5 +71,6 @@ > PROXY_BALANCER "Enable mod_proxy_balancer" OFF \ > SSL "Enable mod_ssl" ON \ > SUEXEC "Enable mod_suexec" OFF \ >+ SUEXEC_RSRCLIMIT "SuEXEC rlimits based on login class" OFF \ > CGID "Enable mod_cgid" OFF \ > >diff -u -N -r apache22.orig/files/extra-patch-suexec_rsrclimit apache22/files/extra-patch-suexec_rsrclimit >--- apache22.orig/files/extra-patch-suexec_rsrclimit 1970-01-01 03:00:00.000000000 +0300 >+++ apache22/files/extra-patch-suexec_rsrclimit 2009-06-27 17:08:57.000000000 +0400 >@@ -0,0 +1,49 @@ >+# http://www.chrishardie.com/tech/apache/suexec_rsrclimit.html >+--- support/suexec.c.orig Wed Jul 12 07:38:44 2006 >++++ support/suexec.c Wed Nov 15 23:58:04 2006 >+@@ -37,6 +37,7 @@ >+ #include <sys/param.h> >+ #include <sys/stat.h> >+ #include <sys/types.h> >++#include <login_cap.h> >+ #include <string.h> >+ #include <time.h> >+ #if APR_HAVE_UNISTD_H >+@@ -259,6 +260,7 @@ >+ char *cmd; /* command to be executed */ >+ char cwd[AP_MAXPATH]; /* current working directory */ >+ char dwd[AP_MAXPATH]; /* docroot working directory */ >++ login_cap_t *lc; /* user resource limits */ >+ struct passwd *pw; /* password entry holder */ >+ struct group *gr; /* group entry holder */ >+ struct stat dir_info; /* directory info holder */ >+@@ -463,6 +465,18 @@ >+ log_err("cannot run as forbidden gid (%d/%s)\n", gid, cmd); >+ exit(108); >+ } >++ >++ /* >++ * Apply user resource limits based on login class. >++ */ >++ if ((lc = login_getclassbyname(pw->pw_class, pw)) == NULL) { >++ log_err("failed to login_getclassbyname()\n"); >++ exit(109); >++ } >++ if ((setusercontext(lc, pw, uid, LOGIN_SETRESOURCES)) != 0) { >++ log_err("failed to setusercontext()\n"); >++ exit(109); >++ } >+ >+ /* >+ * Change UID/GID here so that the following tests work over NFS. >+--- support/Makefile.in.orig Thu Nov 16 02:20:47 2006 >++++ support/Makefile.in Thu Nov 16 02:11:29 2006 >+@@ -65,7 +65,7 @@ >+ >+ suexec_OBJECTS = suexec.lo >+ suexec: $(suexec_OBJECTS) >+- $(LINK) $(suexec_OBJECTS) >++ $(LINK) -lutil $(suexec_OBJECTS) >+ >+ htcacheclean_OBJECTS = htcacheclean.lo >+ htcacheclean: $(htcacheclean_OBJECTS)
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=97366">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 136091
:
97365
| 97366