Merge r1617196, r1617201, r1618778, r1897269, r1927804 from trunk:

author Joe Orton <jorton@apache.org>

Mon, 1 Jun 2026 13:02:06 +0000 (13:02 +0000)

committer Joe Orton <jorton@apache.org>

Mon, 1 Jun 2026 13:02:06 +0000 (13:02 +0000)
author Joe Orton <jorton@apache.org>
Mon, 1 Jun 2026 13:02:06 +0000 (13:02 +0000)
committer Joe Orton <jorton@apache.org>
Mon, 1 Jun 2026 13:02:06 +0000 (13:02 +0000)
diff --git a/changes-entries/CoreDumpDirectory-freebsd11.txt b/changes-entries/CoreDumpDirectory-freebsd11.txt

new file mode 100644 (file)

index 0000000..e200f0c
--- /dev/null
+++ b/changes-entries/CoreDumpDirectory-freebsd11.txt
@@ -0,0 +1,2 @@
+  *) mod_unixd: CoreDumpDirectory requires enabling tracing on FreeBSD 11+.
+     PR 65819.  [David CARLIER <devnexen gmail.com>]
diff --git a/changes-entries/pr69767.txt b/changes-entries/pr69767.txt

new file mode 100644 (file)

index 0000000..de02414
--- /dev/null
+++ b/changes-entries/pr69767.txt
@@ -0,0 +1,3 @@
+  *) mod_unixd: Drop test that effective user ID is zero in
+     a chroot configuration.  PR 69767.
+     [Bastien Roucaries <rouca debian.org>]
diff --git a/configure.in b/configure.in

index d2a009d790204c8507cf74e94136bbd501c81abc..a4a9dba9c6b7867821747b5f99e9ac35526a388d 100644 (file)
--- a/configure.in
+++ b/configure.in
@@ -463,6 +463,7 @@ pwd.h \
  grp.h \
  strings.h \
  sys/prctl.h \
+sys/procctl.h \
  sys/processor.h \
  sys/sem.h \
  sys/sdt.h \
@@ -520,6 +521,7 @@ getgrnam \
  initgroups \
  bindprocessor \
  prctl \
+procctl \
  timegm \
  getpgid \
  fopen64 \
diff --git a/modules/arch/unix/mod_unixd.c b/modules/arch/unix/mod_unixd.c

index 1baa278c3fd0d3f27aa930dd14fb66e2b1b8dfaf..7a996aabe21b41fd40ba34387539b020b3c60110 100644 (file)
--- a/modules/arch/unix/mod_unixd.c
+++ b/modules/arch/unix/mod_unixd.c
@@ -50,6 +50,9 @@
  #ifdef HAVE_SYS_PRCTL_H
  #include <sys/prctl.h>
  #endif
+#ifdef HAVE_SYS_PROCCTL_H
+#include <sys/procctl.h>
+#endif
  
  #ifndef DEFAULT_USER
  #define DEFAULT_USER "#-1"
@@ -134,9 +137,13 @@ static int set_group_privs(void)
      return 0;
  }
  
-
  static int
  unixd_drop_privileges(apr_pool_t *pool, server_rec *s)
+{
+    return ap_unixd_setup_child();
+}
+
+AP_DECLARE(int) ap_unixd_setup_child(void)
  {
      int rv = set_group_privs();
  
@@ -145,13 +152,6 @@ unixd_drop_privileges(apr_pool_t *pool, server_rec *s)
      }
  
      if (NULL != ap_unixd_config.chroot_dir) {
-        if (geteuid()) {
-            rv = errno;
-            ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL, APLOGNO(02158)
-                         "Cannot chroot when not started as root");
-            return rv;
-        }
-
          if (chdir(ap_unixd_config.chroot_dir) != 0) {
              rv = errno;
              ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL, APLOGNO(02159)
@@ -198,6 +198,19 @@ unixd_drop_privileges(apr_pool_t *pool, server_rec *s)
          }
      }
  #endif
+#if defined(HAVE_PROCCTL) && defined(PROC_TRACE_CTL)
+    /* FreeBSD 11 and above */
+    if (ap_coredumpdir_configured) {
+        int enablecoredump = PROC_TRACE_CTL_ENABLE;
+        if (procctl(P_PID, 0, PROC_TRACE_CTL, &enablecoredump) != 0) {
+            rv = errno;
+            ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL, APLOGNO(10369)
+                         "set dumpable failed - this child will not coredump"
+                         " after software errors");
+            return rv;
+        }
+    }
+#endif
  
      return OK;
  }
@@ -326,58 +339,6 @@ unixd_pre_config(apr_pool_t *pconf, apr_pool_t *plog,
      return OK;
  }
  
-AP_DECLARE(int) ap_unixd_setup_child(void)
-{
-    if (set_group_privs()) {
-        return -1;
-    }
-
-    if (NULL != ap_unixd_config.chroot_dir) {
-        if (geteuid()) {
-            ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL, APLOGNO(02164)
-                         "Cannot chroot when not started as root");
-            return -1;
-        }
-        if (chdir(ap_unixd_config.chroot_dir) != 0) {
-            ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL, APLOGNO(02165)
-                         "Can't chdir to %s", ap_unixd_config.chroot_dir);
-            return -1;
-        }
-        if (chroot(ap_unixd_config.chroot_dir) != 0) {
-            ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL, APLOGNO(02166)
-                         "Can't chroot to %s", ap_unixd_config.chroot_dir);
-            return -1;
-        }
-        if (chdir("/") != 0) {
-            ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL, APLOGNO(02167)
-                         "Can't chdir to new root");
-            return -1;
-        }
-    }
-
-    /* Only try to switch if we're running as root */
-    if (!geteuid() && (
-#ifdef _OSD_POSIX
-        os_init_job_environment(NULL, ap_unixd_config.user_name, ap_exists_config_define("DEBUG")) != 0 ||
-#endif
-        setuid(ap_unixd_config.user_id) == -1)) {
-        ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL, APLOGNO(02168)
-                    "setuid: unable to change to uid: %ld",
-                    (long) ap_unixd_config.user_id);
-        return -1;
-    }
-#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
-    /* this applies to Linux 2.4+ */
-    if (ap_coredumpdir_configured) {
-        if (prctl(PR_SET_DUMPABLE, 1)) {
-            ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL, APLOGNO(02169)
-                         "set dumpable failed - this child will not coredump"
-                         " after software errors");
-        }
-    }
-#endif
-    return 0;
-}
  
  static void unixd_dump_config(apr_pool_t *p, server_rec *s)
  {
author	Joe Orton <jorton@apache.org>
	Mon, 1 Jun 2026 13:02:06 +0000 (13:02 +0000)
committer	Joe Orton <jorton@apache.org>
	Mon, 1 Jun 2026 13:02:06 +0000 (13:02 +0000)
changes-entries/CoreDumpDirectory-freebsd11.txt	[new file with mode: 0644]	patch \| blob
changes-entries/pr69767.txt	[new file with mode: 0644]	patch \| blob
configure.in		patch \| blob \| blame \| history
modules/arch/unix/mod_unixd.c		patch \| blob \| blame \| history