httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From c...@apache.org
Subject cvs commit: httpd-2.0/support suexec.c
Date Sun, 11 Mar 2001 23:22:32 GMT
coar        01/03/11 15:22:32

  Modified:    .        CHANGES configure.in
               support  suexec.c
  Log:
  	Bring forward the suexec umask setting option from 1.3, and
  	also fix some configure.in bits that would define macros
  	that needed to be numbers as strings instead.
  
  Obtained from:	Apache HTTP Server 1.3
  
  Revision  Changes    Path
  1.128     +3 -0      httpd-2.0/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/CHANGES,v
  retrieving revision 1.127
  retrieving revision 1.128
  diff -u -u -r1.127 -r1.128
  --- CHANGES	2001/03/11 15:01:17	1.127
  +++ CHANGES	2001/03/11 23:22:31	1.128
  @@ -1,5 +1,8 @@
   Changes with Apache 2.0.15-dev
   
  +  *) Bring forward the --suexec-umask option which allows the
  +     builder to preset the umask for suexec processes.  [Ken Coar]
  +
     *) Add a -V flag to suexec, which causes it to display the
        compile-time settings with which it was built.  (Only
        usable by root or the AP_HTTPD_USER username.)  [Ken Coar]
  
  
  
  1.129     +6 -2      httpd-2.0/configure.in
  
  Index: configure.in
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/configure.in,v
  retrieving revision 1.128
  retrieving revision 1.129
  diff -u -u -r1.128 -r1.129
  --- configure.in	2001/03/08 18:20:25	1.128
  +++ configure.in	2001/03/11 23:22:31	1.129
  @@ -183,11 +183,11 @@
   
   AC_ARG_WITH(suexec-uidmin,
   [  --with-suexec-uidmin    Minimal allowed UID],[
  -  AC_DEFINE_UNQUOTED(AP_UID_MIN, "$withval", [Minimal allowed UID] ) ] )
  +  AC_DEFINE_UNQUOTED(AP_UID_MIN, $withval, [Minimum allowed UID] ) ] )
   
   AC_ARG_WITH(suexec-gidmin,
   [  --with-suexec-gidmin    Minimal allowed GID],[
  -  AC_DEFINE_UNQUOTED(AP_GID_MIN, "$withval", [Minimal allowed GID] ) ] )
  +  AC_DEFINE_UNQUOTED(AP_GID_MIN, $withval, [Minimum allowed GID] ) ] )
   
   AC_ARG_WITH(suexec-logfile,
   [  --with-suexec-logfile   Set the logfile],[
  @@ -196,6 +196,10 @@
   AC_ARG_WITH(suexec-safepath,
   [  --with-suexec-safepath  Set the safepath],[
     AC_DEFINE_UNQUOTED(AP_SAFE_PATH, "$withval", [safe shell path for SuExec] ) ] )
  +
  +AC_ARG_WITH(suexec-umask,
  +[  --with-suexec-umask     umask for suexec'd process],[
  +  AC_DEFINE_UNQUOTED(AP_SUEXEC_UMASK, 0$withval, [umask for suexec'd process] ) ] )
   
   dnl AP_LIB_DIRS specifies the additional libs from srclib/ that we need
   dnl AP_LIBS specifies the actual libraries. note we have some required libs.
  
  
  
  1.14      +14 -4     httpd-2.0/support/suexec.c
  
  Index: suexec.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/support/suexec.c,v
  retrieving revision 1.13
  retrieving revision 1.14
  diff -u -u -r1.13 -r1.14
  --- suexec.c	2001/03/09 20:20:30	1.13
  +++ suexec.c	2001/03/11 23:22:32	1.14
  @@ -301,11 +301,11 @@
   #ifdef AP_LOG_EXEC
           fprintf(stderr, " -D AP_LOG_EXEC=\"%s\"\n", AP_LOG_EXEC);
   #endif
  -#ifdef SAFE_PATH
  -        fprintf(stderr, " -D SAFE_PATH=\"%s\"\n", SAFE_PATH);
  +#ifdef AP_SAFE_PATH
  +        fprintf(stderr, " -D AP_SAFE_PATH=\"%s\"\n", AP_SAFE_PATH);
   #endif
  -#ifdef SUEXEC_UMASK
  -        fprintf(stderr, " -D SUEXEC_UMASK=%03o\n", SUEXEC_UMASK);
  +#ifdef AP_SUEXEC_UMASK
  +        fprintf(stderr, " -D AP_SUEXEC_UMASK=%03o\n", AP_SUEXEC_UMASK);
   #endif
   #ifdef AP_UID_MIN
           fprintf(stderr, " -D AP_UID_MID=%d\n", AP_UID_MIN);
  @@ -580,6 +580,16 @@
   	exit(121);
       }
   
  +#ifdef AP_SUEXEC_UMASK
  +    /*
  +     * umask() uses inverse logic; bits are CLEAR for allowed access.
  +     */
  +    if ((~AP_SUEXEC_UMASK) & 0022) {
  +        log_err("notice: AP_SUEXEC_UMASK of %03o allows "
  +                "write permission to group and/or other\n", AP_SUEXEC_UMASK);
  +    }
  +    umask(AP_SUEXEC_UMASK);
  +#endif /* AP_SUEXEC_UMASK */
       clean_env();
   
       /* 
  
  
  

Mime
View raw message