From: Nick Kew Date: Sun, 5 Jul 2009 23:10:30 +0000 (+0000) Subject: Correctly set suexec_enabled when httpd is run by non-root X-Git-Tag: 2.3.3~478 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=777f02ed581cd3525c8ae81f1d24ac312cbdb6f8;p=thirdparty%2Fapache%2Fhttpd.git Correctly set suexec_enabled when httpd is run by non-root PR 42175 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@791337 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 9ddb556e7e3..93d9f0c1f01 100644 --- a/CHANGES +++ b/CHANGES @@ -10,6 +10,10 @@ Changes with Apache 2.3.3 *) SECURITY: CVE-2009-1191 (cve.mitre.org) mod_proxy_ajp: Avoid delivering content from a previous request which failed to send a request body. PR 46949 [Ruediger Pluem] + + *) mod_suexec: correctly set suexec_enabled when httpd is run by a + non-root user and may have insufficient permissions. + PR 42175 [Jim Radford ] *) mod_ssl: Fix SSL_*_DN_UID variables to use the 'userID' attribute type. PR 45107. [Michael Ströder , diff --git a/modules/arch/unix/mod_unixd.c b/modules/arch/unix/mod_unixd.c index 31dec8568c4..bb4c6788e2d 100644 --- a/modules/arch/unix/mod_unixd.c +++ b/modules/arch/unix/mod_unixd.c @@ -272,7 +272,8 @@ unixd_pre_config(apr_pool_t *pconf, apr_pool_t *plog, ap_unixd_config.suexec_enabled = 0; if ((apr_stat(&wrapper, SUEXEC_BIN, APR_FINFO_NORM, ptemp)) == APR_SUCCESS) { - if ((wrapper.protection & APR_USETID) && wrapper.user == 0) { + if ((wrapper.protection & APR_USETID) && wrapper.user == 0 + && (access(SUEXEC_BIN, R_OK|X_OK) == 0)) { ap_unixd_config.suexec_enabled = 1; } }