From: Ken Coar <coar@apache.org>
Date: Sun, 11 Mar 2001 23:22:32 +0000 (+0000)
Subject: 	Bring forward the suexec umask setting option from 1.3, and
X-Git-Tag: 2.0.15~51
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ef5bf37c4d126bc1365dea25c8ddfb4c4604fafb;p=thirdparty%2Fapache%2Fhttpd.git

	Bring forward the suexec umask setting option from 1.3, and
	also fix some configure.in bits that would define macros
	that needed to be numbers as strings instead.

Obtained from:	Apache HTTP Server 1.3


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@88493 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index b5dcb8d6b98..f11056ad7a1 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,5 +1,8 @@
 Changes with Apache 2.0.15-dev
 
+  *) Bring forward the --suexec-umask option which allows the
+     builder to preset the umask for suexec processes.  [Ken Coar]
+
   *) Add a -V flag to suexec, which causes it to display the
      compile-time settings with which it was built.  (Only
      usable by root or the AP_HTTPD_USER username.)  [Ken Coar]
diff --git a/configure.in b/configure.in
index d4f504cba1b..0adceeea485 100644
--- a/configure.in
+++ b/configure.in
@@ -183,11 +183,11 @@ AC_ARG_WITH(suexec-docroot,
 
 AC_ARG_WITH(suexec-uidmin,
 [  --with-suexec-uidmin    Minimal allowed UID],[
-  AC_DEFINE_UNQUOTED(AP_UID_MIN, "$withval", [Minimal allowed UID] ) ] )
+  AC_DEFINE_UNQUOTED(AP_UID_MIN, $withval, [Minimum allowed UID] ) ] )
 
 AC_ARG_WITH(suexec-gidmin,
 [  --with-suexec-gidmin    Minimal allowed GID],[
-  AC_DEFINE_UNQUOTED(AP_GID_MIN, "$withval", [Minimal allowed GID] ) ] )
+  AC_DEFINE_UNQUOTED(AP_GID_MIN, $withval, [Minimum allowed GID] ) ] )
 
 AC_ARG_WITH(suexec-logfile,
 [  --with-suexec-logfile   Set the logfile],[
@@ -197,6 +197,10 @@ AC_ARG_WITH(suexec-safepath,
 [  --with-suexec-safepath  Set the safepath],[
   AC_DEFINE_UNQUOTED(AP_SAFE_PATH, "$withval", [safe shell path for SuExec] ) ] )
 
+AC_ARG_WITH(suexec-umask,
+[  --with-suexec-umask     umask for suexec'd process],[
+  AC_DEFINE_UNQUOTED(AP_SUEXEC_UMASK, 0$withval, [umask for suexec'd process] ) ] )
+
 dnl AP_LIB_DIRS specifies the additional libs from srclib/ that we need
 dnl AP_LIBS specifies the actual libraries. note we have some required libs.
 AP_LIBS="srclib/pcre/libpcre.la srclib/apr-util/libaprutil.la $AP_LIBS"
diff --git a/support/suexec.c b/support/suexec.c
index 882608ca6f0..8550ba9abef 100644
--- a/support/suexec.c
+++ b/support/suexec.c
@@ -301,11 +301,11 @@ int main(int argc, char *argv[])
 #ifdef AP_LOG_EXEC
         fprintf(stderr, " -D AP_LOG_EXEC=\"%s\"\n", AP_LOG_EXEC);
 #endif
-#ifdef SAFE_PATH
-        fprintf(stderr, " -D SAFE_PATH=\"%s\"\n", SAFE_PATH);
+#ifdef AP_SAFE_PATH
+        fprintf(stderr, " -D AP_SAFE_PATH=\"%s\"\n", AP_SAFE_PATH);
 #endif
-#ifdef SUEXEC_UMASK
-        fprintf(stderr, " -D SUEXEC_UMASK=%03o\n", SUEXEC_UMASK);
+#ifdef AP_SUEXEC_UMASK
+        fprintf(stderr, " -D AP_SUEXEC_UMASK=%03o\n", AP_SUEXEC_UMASK);
 #endif
 #ifdef AP_UID_MIN
         fprintf(stderr, " -D AP_UID_MID=%d\n", AP_UID_MIN);
@@ -580,6 +580,16 @@ int main(int argc, char *argv[])
 	exit(121);
     }
 
+#ifdef AP_SUEXEC_UMASK
+    /*
+     * umask() uses inverse logic; bits are CLEAR for allowed access.
+     */
+    if ((~AP_SUEXEC_UMASK) & 0022) {
+        log_err("notice: AP_SUEXEC_UMASK of %03o allows "
+                "write permission to group and/or other\n", AP_SUEXEC_UMASK);
+    }
+    umask(AP_SUEXEC_UMASK);
+#endif /* AP_SUEXEC_UMASK */
     clean_env();
 
     /*