-diff -urNp httpd-2.2.8.orig/support/suexec.c httpd-2.2.8/support/suexec.c
---- httpd-2.2.8.orig/support/suexec.c 2006-07-12 05:38:44.000000000 +0200
-+++ httpd-2.2.8/support/suexec.c 2008-05-13 21:04:25.000000000 +0200
-@@ -245,6 +245,21 @@ static void clean_env(void)
+--- httpd-2.4.1/support/suexec.c.orig 2011-07-13 21:11:21.000000000 +0200
++++ httpd-2.4.1/support/suexec.c 2012-02-22 00:26:17.549340557 +0100
+@@ -234,6 +234,21 @@
environ = cleanenv;
}
int main(int argc, char *argv[])
{
int userdir = 0; /* ~userdir flag */
-@@ -261,6 +276,7 @@ int main(int argc, char *argv[])
+@@ -249,6 +264,7 @@
char dwd[AP_MAXPATH]; /* docroot working directory */
struct passwd *pw; /* password entry holder */
struct group *gr; /* group entry holder */
struct stat dir_info; /* directory info holder */
struct stat prg_info; /* program info holder */
-@@ -270,6 +286,7 @@ int main(int argc, char *argv[])
- clean_env();
-
- prog = argv[0];
-+
- /*
- * Check existence/validity of the UID of the user
- * running this program. Error out if invalid.
-@@ -382,8 +399,23 @@ int main(int argc, char *argv[])
+@@ -369,8 +385,23 @@
}
else {
if ((pw = getpwuid(atoi(target_uname))) == NULL) {
+ * If called as suexec.fcgi ignore if there is no passwd
+ * entry for specified UID. Also bail out if UID = 0.
+ */
-+ if(!strcmp(base_pathname(prog),"suexec.fcgi")) {
++ if(!strcmp(base_pathname(argv[0]),"suexec.fcgi")) {
+ tpw.pw_name = strdup(target_uname);
+ tpw.pw_uid = atoi(target_uname);
+ tpw.pw_dir = (char *)"/tmp";
}
}
-@@ -560,20 +592,24 @@ int main(int argc, char *argv[])
+@@ -549,20 +580,24 @@
}
/*
+ * name/group is different from the name/group of the cwd
+ * or the program.
+ */
-+ if(strcmp(base_pathname(prog),"suexec.fcgi")) {
++ if(strcmp(base_pathname(argv[0]),"suexec.fcgi")) {
+ if ((uid != dir_info.st_uid) ||
+ (gid != dir_info.st_gid) ||
+ (uid != prg_info.st_uid) ||
TLD / packages / apache.git / blobdiff