diff options
| author | Philip M. Gollucci <pgollucci@FreeBSD.org> | 2010-05-15 02:52:32 +0800 |
|---|---|---|
| committer | Philip M. Gollucci <pgollucci@FreeBSD.org> | 2010-05-15 02:52:32 +0800 |
| commit | a2d781870f9fabe1823f02c24ec44a2ab76bbc25 (patch) | |
| tree | f4edb4f05cce43a1a603974f0e809d20017558d4 | |
| parent | e3ff961defba66981ff223a32f8975846946b2a9 (diff) | |
| download | freebsd-ports-gnome-a2d781870f9fabe1823f02c24ec44a2ab76bbc25.tar.gz freebsd-ports-gnome-a2d781870f9fabe1823f02c24ec44a2ab76bbc25.tar.zst freebsd-ports-gnome-a2d781870f9fabe1823f02c24ec44a2ab76bbc25.zip | |
By default suexec doesn't enforces different resource limitations configured in
login.conf(5). This is probably because resource limitations are handled
differently on various different platforms.
This modifies suexec behaviour to set resource limits for CGI's
from /etc/login.conf before execing the customers CGI script.
Doesn't affect default package, so no PORTREVISION bumps.
I will follow up at dev@httpd.apache.org to see about adding this
with #ifdefs.
PR: ports/136928
Submitted by: Alexey V.Degtyarev <alexey@renatasystems.org>
With Hat: apache@
| -rw-r--r-- | www/apache20/Makefile | 8 | ||||
| -rw-r--r-- | www/apache20/files/extra-patch-suexec_rsrclimit | 50 |
2 files changed, 58 insertions, 0 deletions
diff --git a/www/apache20/Makefile b/www/apache20/Makefile index 07ea290dbab5..33235686ccac 100644 --- a/www/apache20/Makefile +++ b/www/apache20/Makefile @@ -68,6 +68,14 @@ USE_BZIP2= yes MPM_ITK_VERSION?= 20061030-01 +.if defined(WITH_SUEXEC_RSRCLIMIT) +EXTRA_PATCHES+= ${FILESDIR}/extra-patch-suexec_rsrclimit +.if !defined(WITH_SUEXEC) +IGNORE= suEXEC resource limit patch requires mod_suexec.\ + Please add 'WITH_SUEXEC=YES' to you /etc/make.conf +.endif +.endif + CONFIGURE_ARGS= --prefix=${PREFIX_RELDEST} \ --enable-layout=FreeBSD \ --with-perl=${PERL5} \ diff --git a/www/apache20/files/extra-patch-suexec_rsrclimit b/www/apache20/files/extra-patch-suexec_rsrclimit new file mode 100644 index 000000000000..f6ef9d765cf5 --- /dev/null +++ b/www/apache20/files/extra-patch-suexec_rsrclimit @@ -0,0 +1,50 @@ +diff -Nru support/Makefile.in.orig1 support/Makefile.in +--- support/Makefile.in.orig1 2010-05-14 10:05:11.000000000 +0400 ++++ support/Makefile.in 2010-05-14 10:05:41.000000000 +0400 +@@ -57,7 +57,7 @@ + + suexec_OBJECTS = suexec.lo + suexec: $(suexec_OBJECTS) +- $(LINK) $(suexec_OBJECTS) ++ $(LINK) -lutil $(suexec_OBJECTS) + + httxt2dbm_OBJECTS = httxt2dbm.lo + httxt2dbm: $(httxt2dbm_OBJECTS) +diff -Nru support/suexec.c.orig1 support/suexec.c +--- support/suexec.c.orig1 2006-07-12 11:40:55.000000000 +0400 ++++ support/suexec.c 2010-05-14 10:05:41.000000000 +0400 +@@ -37,6 +37,7 @@ + #include <sys/param.h> + #include <sys/stat.h> + #include <sys/types.h> ++#include <login_cap.h> + #include <string.h> + #include <time.h> + #if APR_HAVE_UNISTD_H +@@ -242,6 +243,7 @@ + char *cmd; /* command to be executed */ + char cwd[AP_MAXPATH]; /* current working directory */ + char dwd[AP_MAXPATH]; /* docroot working directory */ ++ login_cap_t *lc; /* user resource limits */ + struct passwd *pw; /* password entry holder */ + struct group *gr; /* group entry holder */ + struct stat dir_info; /* directory info holder */ +@@ -448,6 +450,18 @@ + } + + /* ++ * Apply user resource limits based on login class. ++ */ ++ if ((lc = login_getclassbyname(pw->pw_class, pw)) == NULL) { ++ log_err("failed to login_getclassbyname()\n"); ++ exit(109); ++ } ++ if ((setusercontext(lc, pw, uid, LOGIN_SETRESOURCES)) != 0) { ++ log_err("failed to setusercontext()\n"); ++ exit(109); ++ } ++ ++ /* + * Change UID/GID here so that the following tests work over NFS. + * + * Initialize the group access list for the target user, |