www/apache22/files/extra-patch-suexec_userdir


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55

--- modules/generators/mod_suexec.c.orig    2006-07-11 22:38:44.000000000 -0500
+++ modules/generators/mod_suexec.c 2010-02-05 23:22:23.000000000 -0600
@@ -57,10 +57,11 @@
 }
 
 static const char *set_suexec_ugid(cmd_parms *cmd, void *mconfig,
-                                   const char *uid, const char *gid)
+                                   const char *uid, const char *gid,
+                                   int userdir)
 {
     suexec_config_t *cfg = (suexec_config_t *) mconfig;
-    const char *err = ap_check_cmd_context(cmd, NOT_IN_DIR_LOC_FILE|NOT_IN_LIMIT);
+    const char *err = ap_check_cmd_context(cmd, NOT_IN_LOCATION|NOT_IN_FILES|NOT_IN_LIMIT);
 
     if (err != NULL) {
         return err;
@@ -68,7 +69,7 @@
     if (unixd_config.suexec_enabled) {
         cfg->ugid.uid = ap_uname2id(uid);
         cfg->ugid.gid = ap_gname2id(gid);
-        cfg->ugid.userdir = 0;
+        cfg->ugid.userdir = userdir;
         cfg->active = 1;
     }
     else {
@@ -78,6 +79,18 @@
     return NULL;
 }
 
+static const char *set_suexec_ugid_nouserdir(cmd_parms *cmd, void *mconfig,
+                                             const char *uid, const char *gid)
+{
+    return set_suexec_ugid(cmd, mconfig, uid, gid, 0);
+}
+
+static const char *set_suexec_ugid_userdir(cmd_parms *cmd, void *mconfig,
+                                           const char *uid, const char *gid)
+{
+    return set_suexec_ugid(cmd, mconfig, uid, gid, 1);
+}
+
 static ap_unix_identity_t *get_suexec_id_doer(const request_rec *r)
 {
     suexec_config_t *cfg =
@@ -115,7 +128,9 @@
 {
     /* XXX - Another important reason not to allow this in .htaccess is that
      * the ap_[ug]name2id() is not thread-safe */
-    AP_INIT_TAKE2("SuexecUserGroup", set_suexec_ugid, NULL, RSRC_CONF,
+    AP_INIT_TAKE2("SuexecUserGroup", set_suexec_ugid_nouserdir, NULL, RSRC_CONF|ACCESS_CONF,
+      "User and group for spawned processes"),
+    AP_INIT_TAKE2("SuexecUserdir", set_suexec_ugid_userdir, NULL, RSRC_CONF|ACCESS_CONF,
       "User and group for spawned processes"),
     { NULL }
 };