Correctly set suexec_enabled when httpd is run by non-root

PR 42175

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@791337 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index 9ddb556e7e32991017ec722722e521c595190fa2..93d9f0c1f01944dcfdec557b275e3c7a367c10bb 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -10,6 +10,10 @@ Changes with Apache 2.3.3
   *) SECURITY: CVE-2009-1191 (cve.mitre.org)
      mod_proxy_ajp: Avoid delivering content from a previous request which
      failed to send a request body. PR 46949 [Ruediger Pluem]
+
+  *) mod_suexec: correctly set suexec_enabled when httpd is run by a
+     non-root user and may have insufficient permissions.
+     PR 42175 [Jim Radford <radford blackbean.org>]
  
   *) mod_ssl: Fix SSL_*_DN_UID variables to use the 'userID' attribute
      type.  PR 45107.  [Michael Ströder <michael stroeder.com>,

diff --git a/modules/arch/unix/mod_unixd.c b/modules/arch/unix/mod_unixd.c
index 31dec8568c42b5f1448f8dc3b2ee58f203dacef7..bb4c6788e2dfa2a1012172a153de9834effce6e7 100644 (file)
--- a/modules/arch/unix/mod_unixd.c
+++ b/modules/arch/unix/mod_unixd.c
@@ -272,7 +272,8 @@ unixd_pre_config(apr_pool_t *pconf, apr_pool_t *plog,
     ap_unixd_config.suexec_enabled = 0;
     if ((apr_stat(&wrapper, SUEXEC_BIN, APR_FINFO_NORM, ptemp))
          == APR_SUCCESS) {
-        if ((wrapper.protection & APR_USETID) && wrapper.user == 0) {
+        if ((wrapper.protection & APR_USETID) && wrapper.user == 0
+            && (access(SUEXEC_BIN, R_OK|X_OK) == 0)) {
             ap_unixd_config.suexec_enabled = 1;
         }
     }