From: Alex Keda
To: apache@FreeBSD.org
Subject: Re: ports/136928: [PATCH] www/apache20 - suexec resource limits patch
Date: Fri, 14 May 2010 06:20:04 GMT
Message-Id: <201005140620.o4E6K4AX022012@freefall.freebsd.org>
List-Id: Support of apache-related ports

The following reply was made to PR ports/136928; it has been noted by GNATS.

From: Alex Keda
To: bug-followup@FreeBSD.org, admin@lissyara.su, pgollucci@FreeBSD.org
Subject: Re: ports/136928: [PATCH] www/apache20 - suexec resource limits patch
Date: Fri, 14 May 2010 10:16:26 +0400

I rewrote it with an option. See the attached file.

Attachment: apache20.suexec.diff

diff -Nru www/apache20.orig/Makefile www/apache20/Makefile --- www/apache20.orig/Makefile 2010-05-13 08:36:07.000000000 +0400 +++ www/apache20/Makefile 2010-05-14 10:11:27.000000000 +0400 @@ -166,6 +166,14 @@ . endif .endif +.if defined(WITH_SUEXEC_RSRCLIMIT) +EXTRA_PATCHES+= ${FILESDIR}/extra-patch-suexec_rsrclimit +. if !defined(WITH_SUEXEC) +IGNORE= suEXEC resource limit patch requires mod_suexec.\ + Please add 'WITH_SUEXEC=YES' to you /etc/make.conf +. endif +.endif + CONFIGURE_ARGS+= --with-mpm=${WITH_MPM:L} show-options: diff -Nru www/apache20.orig/files/extra-patch-suexec_rsrclimit www/apache20/files/extra-patch-suexec_rsrclimit --- www/apache20.orig/files/extra-patch-suexec_rsrclimit 1970-01-01 03:00:00.000000000 +0300 +++ www/apache20/files/extra-patch-suexec_rsrclimit 2010-05-14 10:12:37.000000000 +0400 
@@ -0,0 +1,50 @@ +diff -Nru support/Makefile.in.orig1 support/Makefile.in +--- support/Makefile.in.orig1 2010-05-14 10:05:11.000000000 +0400 ++++ support/Makefile.in 2010-05-14 10:05:41.000000000 +0400 +@@ -57,7 +57,7 @@ + + suexec_OBJECTS = suexec.lo + suexec: $(suexec_OBJECTS) +- $(LINK) $(suexec_OBJECTS) ++ $(LINK) -lutil $(suexec_OBJECTS) + + httxt2dbm_OBJECTS = httxt2dbm.lo + httxt2dbm: $(httxt2dbm_OBJECTS) +diff -Nru support/suexec.c.orig1 support/suexec.c +--- support/suexec.c.orig1 2006-07-12 11:40:55.000000000 +0400 ++++ support/suexec.c 2010-05-14 10:05:41.000000000 +0400 +@@ -37,6 +37,7 @@ + #include + #include + #include ++#include + #include + #include + #if APR_HAVE_UNISTD_H +@@ -242,6 +243,7 @@ + char *cmd; /* command to be executed */ + char cwd[AP_MAXPATH]; /* current working directory */ + char dwd[AP_MAXPATH]; /* docroot working directory */ ++ login_cap_t *lc; /* user resource limits */ + struct passwd *pw; /* password entry holder */ + struct group *gr; /* group entry holder */ + struct stat dir_info; /* directory info holder */ +@@ -448,6 +450,18 @@ + } + + /* ++ * Apply user resource limits based on login class. ++ */ ++ if ((lc = login_getclassbyname(pw->pw_class, pw)) == NULL) { ++ log_err("failed to login_getclassbyname()\n"); ++ exit(109); ++ } ++ if ((setusercontext(lc, pw, uid, LOGIN_SETRESOURCES)) != 0) { ++ log_err("failed to setusercontext()\n"); ++ exit(109); ++ } ++ ++ /* + * Change UID/GID here so that the following tests work over NFS. + * + * Initialize the group access list for the target user, --------------040503090608000100060500--
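
Review bot: In the www/apache20/Makefile hunk (@@ -166), the new WITH_SUEXEC_RSRCLIMIT knob has no user-facing documentation: the `show-options:` target visible in the trailing context is not touched anywhere in this patch, so the option cannot be discovered from the port itself. Add an entry for it there, and fix the typo in the IGNORE text, where "to you /etc/make.conf" should read "to your /etc/make.conf".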
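
Review bot: In the support/Makefile.in hunk of extra-patch-suexec_rsrclimit, `-lutil` is placed before `$(suexec_OBJECTS)` on the link line. Libraries should follow the objects that reference them, otherwise a static or as-needed link can discard libutil before the references to login_getclassbyname() and setusercontext() have been seen. Suggest `$(LINK) $(suexec_OBJECTS) -lutil`.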
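
Review bot: In the support/suexec.c hunk at @@ -448, both new failure paths call `exit(109)` and log a fixed string, so a failed login class lookup cannot be told apart from a failed setusercontext() either by exit status or in the suexec log. Give each path its own exit code (after checking that the value is not already used elsewhere in suexec.c) and include the user name, the login class and strerror(errno) in the log_err() text. `lc` is also never released: call login_close(lc) once setusercontext() has returned. The placement ahead of the "Change UID/GID here" block is the right one, because raising limits needs the privileges suexec still holds at that point; a one-line comment saying so would keep a later reorder from silently weakening the limits.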