From: André Malo <nd@apache.org>
Date: Wed, 26 May 2004 23:03:13 +0000 (+0000)
Subject: Readd suexec setuid and user check (now APR supports it)
X-Git-Tag: 2.0.50~59
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6ff0f1a3f254a2d04d46d1d69aa39c250d270886;p=thirdparty%2Fapache%2Fhttpd.git

Readd suexec setuid and user check (now APR supports it)

Reviewed by: Jeff Trawick, Joe Orton


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/APACHE_2_0_BRANCH@103787 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index 0824c7aa162..266a45d526c 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,5 +1,10 @@
 Changes with Apache 2.0.50
 
+  *) Regression from 1.3: At startup, suexec now will be checked for
+     availability, the setuid bit and user root. The works only if
+     httpd is compiled with the shipped APR version (0.9.5).
+     [André Malo]
+
   *) Unix MPMs: Stop dropping connections when the file descriptor
      is at least FD_SETSIZE.  [Jeff Trawick]
 
diff --git a/STATUS b/STATUS
index ed9fb056244..9e24fc6a937 100644
--- a/STATUS
+++ b/STATUS
@@ -1,5 +1,5 @@
 APACHE 2.0 STATUS:                                              -*-text-*-
-Last modified at [$Date: 2004/05/26 18:08:34 $]
+Last modified at [$Date: 2004/05/26 23:03:12 $]
 
 Release:
 
@@ -117,12 +117,6 @@ PATCHES TO BACKPORT FROM 2.1
        PR: 22030, 18348
        +1: jorton, trawick
 
-    *) Readd suexec setuid and user check (now APR supports it)
-         os/unix/unixd.c: r1.69
-       +1: nd, trawick
-       +1: jorton, if surrounded with #ifdef APR_USETID to retain
-           compatibility with APR <0.9.5
-
     *) Prevent Win32 pool corruption at startup
          server/mpm/winnt/child.c: r1.36 
        +1: ake, trawick, nd
diff --git a/os/unix/unixd.c b/os/unix/unixd.c
index 18589ecfc28..f308667d289 100644
--- a/os/unix/unixd.c
+++ b/os/unix/unixd.c
@@ -213,10 +213,14 @@ AP_DECLARE(void) unixd_pre_config(apr_pool_t *ptemp)
         return;
     }
 
-    /* XXX - apr_stat is incapable of checking suid bits (grumble) */
-    /* if ((wrapper.filetype & S_ISUID) && wrapper.user == 0) { */
+/* since APR 0.9.5 */
+#ifdef APR_USETID
+    if ((wrapper.protection & APR_USETID) && wrapper.user == 0) {
+#endif
         unixd_config.suexec_enabled = 1;
-    /* } */
+#ifdef APR_USETID
+    }
+#endif
 }