httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From n..@apache.org
Subject svn commit: r710108 - /httpd/httpd/trunk/server/core.c
Date Mon, 03 Nov 2008 17:24:56 GMT
Author: niq
Date: Mon Nov  3 09:24:56 2008
New Revision: 710108

URL: http://svn.apache.org/viewvc?rev=710108&view=rev
Log:
Move security check to post_config, ćos pre-config hooks don´t
run in expected order.

Modified:
    httpd/httpd/trunk/server/core.c

Modified: httpd/httpd/trunk/server/core.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/core.c?rev=710108&r1=710107&r2=710108&view=diff
==============================================================================
--- httpd/httpd/trunk/server/core.c (original)
+++ httpd/httpd/trunk/server/core.c Mon Nov  3 09:24:56 2008
@@ -3683,6 +3683,15 @@
 APR_OPTIONAL_FN_TYPE(ap_logio_add_bytes_out) *logio_add_bytes_out;
 APR_OPTIONAL_FN_TYPE(authz_some_auth_required) *authz_ap_some_auth_required;
 
+/* Insist that at least one module will undertake to provide system
+ * security by dropping startup privileges.
+ */
+static int sys_privileges = 0;
+AP_DECLARE(int) sys_privileges_handlers(int inc)
+{
+    sys_privileges += inc;
+    return sys_privileges;
+}
 static int core_post_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *ptemp, server_rec
*s)
 {
     logio_add_bytes_out = APR_RETRIEVE_OPTIONAL_FN(ap_logio_add_bytes_out);
@@ -3695,6 +3704,13 @@
     set_banner(pconf);
     ap_setup_make_content_type(pconf);
     ap_setup_auth_internal(ptemp);
+    if (!sys_privileges) {
+        ap_log_error(APLOG_MARK, APLOG_CRIT, 0, NULL,
+                     "Server MUST relinquish startup privileges before "
+                     "accepting connections.  Please ensure mod_unixd "
+                     "or other system security module is loaded.");
+        return !OK;
+    }
     return OK;
 }
 
@@ -3884,27 +3900,6 @@
     return DONE;
 }
 
-/* Insist that at least one module will undertake to provide system
- * security by dropping startup privileges.
- */
-static int sys_privileges = 0;
-AP_DECLARE(int) sys_privileges_handlers(int inc)
-{
-    sys_privileges += inc;
-    return sys_privileges;
-}
-static int core_pre_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *ptemp)
-{
-    if (!sys_privileges) {
-        ap_log_error(APLOG_MARK, APLOG_CRIT, 0, NULL,
-                     "Server MUST relinquish startup privileges before "
-                     "accepting connections.  Please ensure mod_unixd "
-                     "or other system security module is loaded.");
-        return !OK;
-    }
-    return OK;
-}
-
 static void register_hooks(apr_pool_t *p)
 {
     /* create_connection and install_transport_filters are
@@ -3917,7 +3912,6 @@
     ap_hook_pre_connection(core_pre_connection, NULL, NULL,
                            APR_HOOK_REALLY_LAST);
 
-    ap_hook_pre_config(core_pre_config,NULL,NULL,APR_HOOK_LAST);
     ap_hook_post_config(core_post_config,NULL,NULL,APR_HOOK_REALLY_FIRST);
     ap_hook_translate_name(ap_core_translate,NULL,NULL,APR_HOOK_REALLY_LAST);
     ap_hook_map_to_storage(core_map_to_storage,NULL,NULL,APR_HOOK_REALLY_LAST);



Mime
View raw message