Received: (qmail 24465 invoked by uid 501); 7 Oct 2000 04:29:04 -0000 Message-Id: <20001007042904.24464.qmail@locus.apache.org> Date: 7 Oct 2000 04:29:04 -0000 From: Ben Goodwin Reply-To: ben@atomicmatrix.net To: submit@bugz.apache.org Subject: suexec doesn't use setusercontext() and related X-Send-Pr-Version: 3.110 >Number: 6637 >Category: suexec >Synopsis: suexec doesn't use setusercontext() and related >Confidential: no >Severity: non-critical >Priority: medium >Responsible: apache >State: closed >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: apache >Arrival-Date: Fri Oct 06 21:30:00 PDT 2000 >Closed-Date: Thu Oct 19 01:44:16 PDT 2000 >Last-Modified: Thu Oct 19 01:44:16 PDT 2000 >Originator: ben@atomicmatrix.net >Release: 1.3.12 >Organization: >Environment: FreeBSD - all version. My version is 4.1 (base). GNU cc.. >Description: FreeBSD (probably other BSD flavors.. I don't know what O/S'es have this functionality) employs a login capabilities database wherein certain classes of users can have limits imposed upon them, such as max cpu time, memory, # of procs, filesize, etc. It's a wonderful addition to my suexec (see patch below; I'm sure it needs to be MUCH better than what I've done for general distribution) - it helps prevent runaway cgi's. If you need more info on these routines or a platform or anything, I'll lend a hand. Thanks! >How-To-Repeat: >Fix: > diff -u suexec.c suexec.c.orig --- suexec.c Sat Sep 2 18:08:04 2000 +++ suexec.c.orig Sat Sep 2 16:28:54 2000 @@ -90,10 +90,6 @@ #include -/* LOCAL CODE ADDITION */ -#include -/* END LOCAL CODE ADDITION */ - #include "suexec.h" /* @@ -441,22 +437,6 @@ log_err("emerg: failed to setuid (%ld: %s)\n", uid, cmd); exit(110); } - - /* - * (LOCAL CODE ADDITION) - * setusercontext() so login.conf's settings take effect - * Above, there's a comment that says: - * Save these for later since initgroups will hose the struct - * Which means that the 'pw' struct should be hosed by now.. but - * I don't see why, and this seems to work fine, at least for FreeBSD - */ - - if ((setusercontext(NULL, pw, uid, LOGIN_SETRESOURCES)) != 0) { - log_err("emerg: Failed to setusercontext(%ld: %s)\n", uid, cmd); - exit(130); - } - - /* END LOCAL CODE ADDITION */ /* * Get the current working directory, as well as the proper >Release-Note: >Audit-Trail: State-Changed-From-To: open-closed State-Changed-By: fanf State-Changed-When: Thu Oct 19 01:44:16 PDT 2000 State-Changed-Why: the patch in pr#6673 is better so i'm closing this pr. >Unformatted: [In order for any reply to be added to the PR database, you need] [to include in the Cc line and make sure the] [subject line starts with the report component and number, with ] [or without any 'Re:' prefixes (such as "general/1098:" or ] ["Re: general/1098:"). If the subject doesn't match this ] [pattern, your message will be misfiled and ignored. The ] ["apbugs" address is not added to the Cc line of messages from ] [the database automatically because of the potential for mail ] [loops. If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request from a ] [developer. Reply only with text; DO NOT SEND ATTACHMENTS! ]