|
Link Here
|
|
|
1 |
diff -Nru support/Makefile.in.orig1 support/Makefile.in |
| 2 |
--- support/Makefile.in.orig1 2010-05-14 10:05:11.000000000 +0400 |
| 3 |
+++ support/Makefile.in 2010-05-14 10:05:41.000000000 +0400 |
| 4 |
@@ -57,7 +57,7 @@ |
| 5 |
|
| 6 |
suexec_OBJECTS = suexec.lo |
| 7 |
suexec: $(suexec_OBJECTS) |
| 8 |
- $(LINK) $(suexec_OBJECTS) |
| 9 |
+ $(LINK) -lutil $(suexec_OBJECTS) |
| 10 |
|
| 11 |
httxt2dbm_OBJECTS = httxt2dbm.lo |
| 12 |
httxt2dbm: $(httxt2dbm_OBJECTS) |
| 13 |
diff -Nru support/suexec.c.orig1 support/suexec.c |
| 14 |
--- support/suexec.c.orig1 2006-07-12 11:40:55.000000000 +0400 |
| 15 |
+++ support/suexec.c 2010-05-14 10:05:41.000000000 +0400 |
| 16 |
@@ -37,6 +37,7 @@ |
| 17 |
#include <sys/param.h> |
| 18 |
#include <sys/stat.h> |
| 19 |
#include <sys/types.h> |
| 20 |
+#include <login_cap.h> |
| 21 |
#include <string.h> |
| 22 |
#include <time.h> |
| 23 |
#if APR_HAVE_UNISTD_H |
| 24 |
@@ -242,6 +243,7 @@ |
| 25 |
char *cmd; /* command to be executed */ |
| 26 |
char cwd[AP_MAXPATH]; /* current working directory */ |
| 27 |
char dwd[AP_MAXPATH]; /* docroot working directory */ |
| 28 |
+ login_cap_t *lc; /* user resource limits */ |
| 29 |
struct passwd *pw; /* password entry holder */ |
| 30 |
struct group *gr; /* group entry holder */ |
| 31 |
struct stat dir_info; /* directory info holder */ |
| 32 |
@@ -448,6 +450,18 @@ |
| 33 |
} |
| 34 |
|
| 35 |
/* |
| 36 |
+ * Apply user resource limits based on login class. |
| 37 |
+ */ |
| 38 |
+ if ((lc = login_getclassbyname(pw->pw_class, pw)) == NULL) { |
| 39 |
+ log_err("failed to login_getclassbyname()\n"); |
| 40 |
+ exit(109); |
| 41 |
+ } |
| 42 |
+ if ((setusercontext(lc, pw, uid, LOGIN_SETRESOURCES)) != 0) { |
| 43 |
+ log_err("failed to setusercontext()\n"); |
| 44 |
+ exit(109); |
| 45 |
+ } |
| 46 |
+ |
| 47 |
+ /* |
| 48 |
* Change UID/GID here so that the following tests work over NFS. |
| 49 |
* |
| 50 |
* Initialize the group access list for the target user, |