Bug 136091
| Summary: | [PATCH] www/apache22 - suexec resource limits patch | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Ports & Packages | Reporter: | Alexey Degtyarev <alexey> | ||||||
| Component: | Individual Port(s) | Assignee: | freebsd-apache (Nobody) <apache> | ||||||
| Status: | Closed FIXED | ||||||||
| Severity: | Affects Only Me | ||||||||
| Priority: | Normal | ||||||||
| Version: | Latest | ||||||||
| Hardware: | Any | ||||||||
| OS: | Any | ||||||||
| Attachments: |
|
||||||||
|
Description
Alexey Degtyarev
2009-06-27 15:40:01 UTC
Responsible Changed From-To: freebsd-ports-bugs->apache Over to maintainer (via the GNATS Auto Assign Tool) Should be an optional patch, please consider adding a make config option.
> Should be an optional patch, please consider adding a make config option.
Ok, I have attached diff with this patch enabled via config option
(default is off).
+ minor code cleanup for Makefile: [129]: whitespace before end of line.
--
Alexey V. Degtyarev
Responsible Changed From-To: apache->pgollucci I'll take it. > Thank you very much for your problem report.
> It has the internal identification `ports/136091'.
> The individual assigned to look at your
> report is: freebsd-ports-bugs.
>
> You can access the state of your problem report at any time
> via this link:
>
> http://www.freebsd.org/cgi/query-pr.cgi?pr=136091
>
> >Category: ports
> >Responsible: freebsd-ports-bugs
> >Synopsis: [PATCH] www/apache22 - suexec resource limits patch
> >Arrival-Date: Sat Jun 27 14:40:01 UTC 2009
Are there any chances to see this patch in the next ports tree freeze?
Actually this patch has been tested for a long time on a havy load
production virtual hosting servers.
--
Alexey V. Degtyarev
State Changed From-To: open->analyzed this needs to go upstrream to dev@httpd.a.o, I'll follow up there State Changed From-To: analyzed->open Maintainer approved. Responsible Changed From-To: pgollucci->apache Over to maintainer. State Changed From-To: open->closed Committed. Thanks! pgollucci 2010-05-14 05:03:30 UTC
FreeBSD ports repository
Modified files:
www/apache22 Makefile Makefile.options
Added files:
www/apache22/files patch-suexec_rsrclimit
Log:
By default suexec doesn't enforces different resource limitations configured in
login.conf(5). This is probably because resource limitations are handled
differently on various different platforms.
This modifies suexec behaviour to set resource limits for CGI's
from /etc/login.conf before execing the customers CGI script.
Doesn't affect default package, so no PORTREVISION bumps.
I will follow up at dev@httpd.apache.org to see about adding this
with #ifdefs.
PR: ports/136091
Submitted by: Alexey V.Degtyarev <alexey@renatasystems.org>
With Hat: apache@
Revision Changes Path
1.268 +8 -0 ports/www/apache22/Makefile
1.5 +1 -0 ports/www/apache22/Makefile.options
1.1 +49 -0 ports/www/apache22/files/patch-suexec_rsrclimit (new)
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Maybe this patch should be a bit more overreaching.=20 It's just applying the rlimits from login.conf, but it would be more = useful if it supported other important login.conf attributes such as the MAC labels.=20 Any thoughts? I would change the LOGIN_RLIMITS to LOGIN_ALL, on FreeBSD a proper = switch to a different user should be expected to honor whatever is put on login.conf. Any potential side-effects I am not aware of? Borja. |
