httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From nsc <nsc.maill...@loginroot.com>
Subject Re: [PATCH] SuexecUserGroup inside Directory context
Date Thu, 11 Sep 2014 20:02:06 GMT
+1

nsc

On 2014.09.11 22:16, Martynas Bendorius wrote:
> I've created a patch for it, as I didn't have my question answered :)
>  From my point of view it's still secure, as it doesn't allow to set
> SuexecUserGroup in .htaccess. I tested it and had no problems with it.
> Please include it into the trunk if you think it's okay to add it.
>
> =========================
>
> --- httpd-2.4.10/modules/generators/mod_suexec.c.old    2011-12-05
> 01:08:01.000000000 +0100
> +++ httpd-2.4.10/modules/generators/mod_suexec.c    2014-09-11
> 00:16:21.444000009 +0200
> @@ -59,7 +59,7 @@
>                                      const char *uid, const char *gid)
>   {
>       suexec_config_t *cfg = (suexec_config_t *) mconfig;
> -    const char *err = ap_check_cmd_context(cmd, NOT_IN_DIR_LOC_FILE);
> +    const char *err = ap_check_cmd_context(cmd,
> NOT_IN_LOCATION|NOT_IN_FILES);
>
>       if (err != NULL) {
>           return err;
> @@ -116,7 +116,7 @@
>   {
>       /* XXX - Another important reason not to allow this in .htaccess
> is that
>        * the ap_[ug]name2id() is not thread-safe */
> -    AP_INIT_TAKE2("SuexecUserGroup", set_suexec_ugid, NULL, RSRC_CONF,
> +    AP_INIT_TAKE2("SuexecUserGroup", set_suexec_ugid, NULL,
> RSRC_CONF|ACCESS_CONF,
>         "User and group for spawned processes"),
>       { NULL }
>   };
>
> =========================
>
> Best regards,
> Martynas Bendorius
>

Mime
View raw message