Date: Fri, 14 May 2010 06:20:04 GMT From: Alex Keda <admin@lissyara.su> To: apache@FreeBSD.org Subject: Re: ports/136928: [PATCH] www/apache20 - suexec resource limits patch Message-ID: <201005140620.o4E6K4AX022012@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR ports/136928; it has been noted by GNATS.
From: Alex Keda <admin@lissyara.su>
To: bug-followup@FreeBSD.org, admin@lissyara.su, pgollucci@FreeBSD.org
Cc:
Subject: Re: ports/136928: [PATCH] www/apache20 - suexec resource limits patch
Date: Fri, 14 May 2010 10:16:26 +0400
This is a multi-part message in MIME format.
--------------040503090608000100060500
Content-Type: text/plain; charset=windows-1251; format=flowed
Content-Transfer-Encoding: 7bit
I rewrite with option.
See attached file.
--------------040503090608000100060500
Content-Type: text/plain;
name="apache20.suexec.diff"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename="apache20.suexec.diff"
diff -Nru www/apache20.orig/Makefile www/apache20/Makefile
--- www/apache20.orig/Makefile 2010-05-13 08:36:07.000000000 +0400
+++ www/apache20/Makefile 2010-05-14 10:11:27.000000000 +0400
@@ -166,6 +166,14 @@
. endif
.endif
+.if defined(WITH_SUEXEC_RSRCLIMIT)
+EXTRA_PATCHES+= ${FILESDIR}/extra-patch-suexec_rsrclimit
+. if !defined(WITH_SUEXEC)
+IGNORE= suEXEC resource limit patch requires mod_suexec.\
+ Please add 'WITH_SUEXEC=YES' to you /etc/make.conf
+. endif
+.endif
+
CONFIGURE_ARGS+= --with-mpm=${WITH_MPM:L}
show-options:
diff -Nru www/apache20.orig/files/extra-patch-suexec_rsrclimit www/apache20/files/extra-patch-suexec_rsrclimit
--- www/apache20.orig/files/extra-patch-suexec_rsrclimit 1970-01-01 03:00:00.000000000 +0300
+++ www/apache20/files/extra-patch-suexec_rsrclimit 2010-05-14 10:12:37.000000000 +0400
@@ -0,0 +1,50 @@
+diff -Nru support/Makefile.in.orig1 support/Makefile.in
+--- support/Makefile.in.orig1 2010-05-14 10:05:11.000000000 +0400
++++ support/Makefile.in 2010-05-14 10:05:41.000000000 +0400
+@@ -57,7 +57,7 @@
+
+ suexec_OBJECTS = suexec.lo
+ suexec: $(suexec_OBJECTS)
+- $(LINK) $(suexec_OBJECTS)
++ $(LINK) -lutil $(suexec_OBJECTS)
+
+ httxt2dbm_OBJECTS = httxt2dbm.lo
+ httxt2dbm: $(httxt2dbm_OBJECTS)
+diff -Nru support/suexec.c.orig1 support/suexec.c
+--- support/suexec.c.orig1 2006-07-12 11:40:55.000000000 +0400
++++ support/suexec.c 2010-05-14 10:05:41.000000000 +0400
+@@ -37,6 +37,7 @@
+ #include <sys/param.h>
+ #include <sys/stat.h>
+ #include <sys/types.h>
++#include <login_cap.h>
+ #include <string.h>
+ #include <time.h>
+ #if APR_HAVE_UNISTD_H
+@@ -242,6 +243,7 @@
+ char *cmd; /* command to be executed */
+ char cwd[AP_MAXPATH]; /* current working directory */
+ char dwd[AP_MAXPATH]; /* docroot working directory */
++ login_cap_t *lc; /* user resource limits */
+ struct passwd *pw; /* password entry holder */
+ struct group *gr; /* group entry holder */
+ struct stat dir_info; /* directory info holder */
+@@ -448,6 +450,18 @@
+ }
+
+ /*
++ * Apply user resource limits based on login class.
++ */
++ if ((lc = login_getclassbyname(pw->pw_class, pw)) == NULL) {
++ log_err("failed to login_getclassbyname()\n");
++ exit(109);
++ }
++ if ((setusercontext(lc, pw, uid, LOGIN_SETRESOURCES)) != 0) {
++ log_err("failed to setusercontext()\n");
++ exit(109);
++ }
++
++ /*
+ * Change UID/GID here so that the following tests work over NFS.
+ *
+ * Initialize the group access list for the target user,
--------------040503090608000100060500--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201005140620.o4E6K4AX022012>