From: Jim Jagielski Date: Sat, 21 Sep 2002 17:18:34 +0000 (+0000) Subject: Add the ShmemUIDisUser directive and logic. Apache does not require X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c0fa7cef42285e5e1f49fec55642ad288fea49b7;p=thirdparty%2Fapache%2Fhttpd.git Add the ShmemUIDisUser directive and logic. Apache does not require that the SysV shared memory segment be reset to the uid/gid of User/Group. In fact, it's not wise that it do so. However, there are some 3rd party "add ons" that require/expect this behavior... So allow admins to do so, assuming they know the impacts. PR: Obtained from: Submitted by: Reviewed by: git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@96941 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/src/CHANGES b/src/CHANGES index ca4271abf09..18e01a411f6 100644 --- a/src/CHANGES +++ b/src/CHANGES @@ -1,5 +1,12 @@ Changes with Apache 1.3.27 + *) Add the new directive 'ShmemUIDisUser'. By default, Apache + will no longer set the uid/gid of SysV shared memory scoreboard + to User/Group, and it will therefore stay the uid/gid of + the parent Apache process. This is actually the way it should + be, however, some implementations may still require this, which + can be enabled by 'ShmemUIDisUser On'. [Jim Jagielski] + *) Fix a problem with the definition of union semun which broke System V semaphores on systems where sizeof(int) != sizeof(long). PR 12072 [] diff --git a/src/include/http_conf_globals.h b/src/include/http_conf_globals.h index a33fddc8776..6e0108b5f50 100644 --- a/src/include/http_conf_globals.h +++ b/src/include/http_conf_globals.h @@ -104,6 +104,7 @@ extern API_VAR_EXPORT char *ap_server_argv0; extern enum server_token_type ap_server_tokens; extern int ap_protocol_req_check; +extern int ap_change_shmem_uid; /* Trying to allocate these in the config pool gets us into some *nasty* * chicken-and-egg problems in http_main.c --- where do you stick them diff --git a/src/main/http_core.c b/src/main/http_core.c index b993a55133a..a2910aec29e 100644 --- a/src/main/http_core.c +++ b/src/main/http_core.c @@ -2790,6 +2790,18 @@ static const char *set_protocol_req_check(cmd_parms *cmd, return NULL; } +static const char *set_change_shmem_uid(cmd_parms *cmd, + core_dir_config *d, int arg) +{ + const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); + if (err != NULL) { + return err; + } + + ap_change_shmem_uid = arg != 0; + return NULL; +} + /* * Handle a request to include the server's OS platform in the Server * response header field (the ServerTokens directive). Unfortunately @@ -3424,6 +3436,8 @@ static const command_rec core_cmds[] = { "Limit (in bytes) on maximum size of request message body" }, { "ProtocolReqCheck", set_protocol_req_check, NULL, RSRC_CONF, FLAG, "Enable strict checking of Protocol type in requests" }, +{ "ShmemUIDisUser", set_change_shmem_uid, NULL, RSRC_CONF, FLAG, + "Enable the setting of SysV shared memory scoreboard uid/gid to User/Group" }, { "AcceptMutex", set_accept_mutex, NULL, RSRC_CONF, TAKE1, "Serialized Accept Mutex; the methods " #ifdef HAVE_USLOCK_SERIALIZED_ACCEPT diff --git a/src/main/http_main.c b/src/main/http_main.c index 0c9333d89d9..769778e188f 100644 --- a/src/main/http_main.c +++ b/src/main/http_main.c @@ -402,6 +402,8 @@ enum server_token_type ap_server_tokens = SrvTk_FULL; /* Also global, for http_core and http_protocol */ int ap_protocol_req_check = 1; +int ap_change_shmem_uid = 0; + /* * This routine is called when the pconf pool is vacuumed. It resets the * server version string to a known value and [re]enables modifications @@ -2330,7 +2332,9 @@ static void setup_shared_mem(pool *p) * We exit below, after we try to remove the segment */ } - else { /* only worry about permissions if we attached the segment */ + /* only worry about permissions if we attached the segment + and we want/need to change the uid/gid */ + else if (ap_change_shmem_uid) { if (shmctl(shmid, IPC_STAT, &shmbuf) != 0) { ap_log_error(APLOG_MARK, APLOG_ERR, server_conf, "shmctl() could not stat segment #%d", shmid);