[Remove entries to the current 2.0 section below, when backported]
+ *) Let suexec send a message to stderr, if it failed or its policy
+ was violated. This message appears in the error log and allows
+ for easier debugging. PR 10773. [André Malo]
+
*) Try to log an error if a piped log program fails. Try to
restart a piped log program in more failure situations. PR 15761
[Jeff Trawick]
};
-static void err_output(const char *fmt, va_list ap)
+static void err_output(int is_error, const char *fmt, va_list ap)
{
#ifdef AP_LOG_EXEC
time_t timevar;
if (!log) {
if ((log = fopen(AP_LOG_EXEC, "a")) == NULL) {
- fprintf(stderr, "failed to open log file\n");
+ fprintf(stderr, "suexec failure: could not open log file\n");
perror("fopen");
exit(1);
}
}
+ if (is_error) {
+ fprintf(stderr, "suexec policy violation: see suexec log for more "
+ "details\n");
+ }
+
time(&timevar);
lt = localtime(&timevar);
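Review bot: The new stderr notice at `if (is_error) {` sits inside `#ifdef AP_LOG_EXEC`, so a suexec built without a log file still fails silently, unless an `#else` branch outside this hunk handles that case. A short notice without the log reference in the non-logging build would close the gap. The text also labels every `log_err` path a "policy violation", while the CHANGES entry says the notice covers plain failures too; `"suexec failure or policy violation: see suexec log for more details\n"` would not send an administrator looking for a policy problem when the cause is operational. Keeping the stderr text generic is the right call, since per the CHANGES entry it ends up in the server error log and the detailed line belongs only in the suexec log. err_output's body continues past the end of this hunk.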
va_list ap;
va_start(ap, fmt);
- err_output(fmt, ap);
+ err_output(1, fmt, ap); /* 1 == is_error */
+ va_end(ap);
+#endif /* AP_LOG_EXEC */
+ return;
+}
+
+static void log_no_err(const char *fmt,...)
+{
+#ifdef AP_LOG_EXEC
+ va_list ap;
+
+ va_start(ap, fmt);
+ err_output(0, fmt, ap); /* 0 == !is_error */
va_end(ap);
#endif /* AP_LOG_EXEC */
return;
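Review bot: `log_no_err` is added without a comment saying when it must be used instead of `log_err`, and after this change the choice has a visible side effect: `log_err` now also emits the stderr notice, so routine audit lines that go through it would show up as violations in the server error log. I would add above the function `/* Write to the suexec log only; for informational entries that must not raise the stderr failure notice. */` and a matching one-line comment on `log_err`. The bare `1` and `0` passed to `err_output` are explained only by trailing comments; two named constants would make the call sites self-describing. log_err's opening lines are outside this hunk.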
* Log the transaction here to be sure we have an open log
* before we setuid().
*/
- log_err("uid: (%s/%s) gid: (%s/%s) cmd: %s\n",
- target_uname, actual_uname,
- target_gname, actual_gname,
- cmd);
+ log_no_err("uid: (%s/%s) gid: (%s/%s) cmd: %s\n",
+ target_uname, actual_uname,
+ target_gname, actual_gname,
+ cmd);
/*
* Error out if attempt is made to execute as root or as