Commit 8f470299 authored by Ken Coar's avatar Ken Coar
Browse files 

	Bring forward the suexec umask setting option from 1.3, and
	also fix some configure.in bits that would define macros
	that needed to be numbers as strings instead.

Obtained from:	Apache HTTP Server 1.3


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@88493 13f79535-47bb-0310-9956-ffa450edef68
parent 5e89e3dd

CHANGES

+3 −0
Original line number Diff line number Diff line 
Changes with Apache 2.0.15-dev



  *) Bring forward the --suexec-umask option which allows the

     builder to preset the umask for suexec processes.  [Ken Coar]



  *) Add a -V flag to suexec, which causes it to display the

     compile-time settings with which it was built.  (Only

     usable by root or the AP_HTTPD_USER username.)  [Ken Coar]

configure.in

+6 −2
Original line number Diff line number Diff line
@@ -183,11 +183,11 @@ AC_ARG_WITH(suexec-docroot, 


AC_ARG_WITH(suexec-uidmin,

[  --with-suexec-uidmin    Minimal allowed UID],[

  AC_DEFINE_UNQUOTED(AP_UID_MIN, "$withval", [Minimal allowed UID] ) ] )

  AC_DEFINE_UNQUOTED(AP_UID_MIN, $withval, [Minimum allowed UID] ) ] )



AC_ARG_WITH(suexec-gidmin,

[  --with-suexec-gidmin    Minimal allowed GID],[

  AC_DEFINE_UNQUOTED(AP_GID_MIN, "$withval", [Minimal allowed GID] ) ] )

  AC_DEFINE_UNQUOTED(AP_GID_MIN, $withval, [Minimum allowed GID] ) ] )



AC_ARG_WITH(suexec-logfile,

[  --with-suexec-logfile   Set the logfile],[
@@ -197,6 +197,10 @@ AC_ARG_WITH(suexec-safepath, 
[  --with-suexec-safepath  Set the safepath],[

  AC_DEFINE_UNQUOTED(AP_SAFE_PATH, "$withval", [safe shell path for SuExec] ) ] )



AC_ARG_WITH(suexec-umask,

[  --with-suexec-umask     umask for suexec'd process],[

  AC_DEFINE_UNQUOTED(AP_SUEXEC_UMASK, 0$withval, [umask for suexec'd process] ) ] )



dnl AP_LIB_DIRS specifies the additional libs from srclib/ that we need

dnl AP_LIBS specifies the actual libraries. note we have some required libs.

AP_LIBS="srclib/pcre/libpcre.la srclib/apr-util/libaprutil.la $AP_LIBS"

support/suexec.c

+14 −4
Original line number Diff line number Diff line
@@ -301,11 +301,11 @@ int main(int argc, char *argv[]) 
#ifdef AP_LOG_EXEC

        fprintf(stderr, " -D AP_LOG_EXEC=\"%s\"\n", AP_LOG_EXEC);

#endif

#ifdef SAFE_PATH

        fprintf(stderr, " -D SAFE_PATH=\"%s\"\n", SAFE_PATH);

#ifdef AP_SAFE_PATH

        fprintf(stderr, " -D AP_SAFE_PATH=\"%s\"\n", AP_SAFE_PATH);

#endif

#ifdef SUEXEC_UMASK

        fprintf(stderr, " -D SUEXEC_UMASK=%03o\n", SUEXEC_UMASK);

#ifdef AP_SUEXEC_UMASK

        fprintf(stderr, " -D AP_SUEXEC_UMASK=%03o\n", AP_SUEXEC_UMASK);

#endif

#ifdef AP_UID_MIN

        fprintf(stderr, " -D AP_UID_MID=%d\n", AP_UID_MIN);
@@ -580,6 +580,16 @@ int main(int argc, char *argv[]) 
	exit(121);

    }



#ifdef AP_SUEXEC_UMASK

    /*

     * umask() uses inverse logic; bits are CLEAR for allowed access.

     */

    if ((~AP_SUEXEC_UMASK) & 0022) {

        log_err("notice: AP_SUEXEC_UMASK of %03o allows "

                "write permission to group and/or other\n", AP_SUEXEC_UMASK);

    }

    umask(AP_SUEXEC_UMASK);

#endif /* AP_SUEXEC_UMASK */

    clean_env();



    /*