From: André Malo Date: Mon, 10 Feb 2003 03:37:22 +0000 (+0000) Subject: Let suexec send a message to stderr, if it failed or its policy X-Git-Tag: pre_ajp_proxy~2169 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=e833dc0afc98b0ec5ec5e487baf8ce940407799b;p=apache Let suexec send a message to stderr, if it failed or its policy was violated. This message appears in the error log and allows for easier debugging. PR: 10773 Proposed again by: Joshua Slive git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@98603 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/CHANGES b/CHANGES
index fb7ac8bca0..a2878c3a2a 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,10 @@ Changes with Apache 2.1.0-dev
 [Remove entries to the current 2.0 section below, when backported]
+ *) Let suexec send a message to stderr, if it failed or its policy
+ was violated. This message appears in the error log and allows
+ for easier debugging. PR 10773. [André Malo]
+
 *) Try to log an error if a piped log program fails. Try to restart a piped log program in more failure situations. PR 15761 [Jeff Trawick]
diff --git a/support/suexec.c b/support/suexec.c
index ec04312787..cde32e6783 100644
--- a/support/suexec.c
+++ b/support/suexec.c
@@ -170,7 +170,7 @@ char *safe_env_lst[] =
 };
-static void err_output(const char *fmt, va_list ap)
+static void err_output(int is_error, const char *fmt, va_list ap)
 {
 #ifdef AP_LOG_EXEC
 time_t timevar;
@@ -178,12 +178,17 @@ static void err_output(const char *fmt, va_list ap)
 if (!log) {
 if ((log = fopen(AP_LOG_EXEC, "a")) == NULL) {
- fprintf(stderr, "failed to open log file\n");
+ fprintf(stderr, "suexec failure: could not open log file\n");
 perror("fopen");
 exit(1);
 }
 }
+ if (is_error) {
+ fprintf(stderr, "suexec policy violation: see suexec log for more "
+ "details\n");
+ }
+
 time(&timevar);
 lt = localtime(&timevar);
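Review bot: The stderr notice added under `if (is_error)` always reads "suexec policy violation", yet the commit description says it is also sent when suexec simply fails, so operational failures that reach err_output through log_err would be labelled as policy violations in the error log. That mislabelling matters to anyone alerting on the string; wording such as `"suexec failure or policy violation: see suexec log for more details\n"` covers both cases, and a short comment above the block could state that the detail is deliberately kept in the suexec log only. Separately, in the fopen failure branch the `fprintf(stderr, ...)` runs before `perror("fopen")` and may overwrite errno, so calling `perror("fopen");` first keeps the reported cause accurate. err_output's body continues outside the hunk.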
@@ -204,7 +209,19 @@ static void log_err(const char *fmt,...)
 va_list ap;
 va_start(ap, fmt);
- err_output(fmt, ap);
+ err_output(1, fmt, ap); /* 1 == is_error */
+ va_end(ap);
+#endif /* AP_LOG_EXEC */
+ return;
+}
+
+static void log_no_err(const char *fmt,...)
+{
+#ifdef AP_LOG_EXEC
+ va_list ap;
+
+ va_start(ap, fmt);
+ err_output(0, fmt, ap); /* 0 == !is_error */
 va_end(ap);
 #endif /* AP_LOG_EXEC */
 return;
@@ -441,10 +458,10 @@ int main(int argc, char *argv[])
 * Log the transaction here to be sure we have an open log
 * before we setuid().
 */
- log_err("uid: (%s/%s) gid: (%s/%s) cmd: %s\n",
- target_uname, actual_uname,
- target_gname, actual_gname,
- cmd);
+ log_no_err("uid: (%s/%s) gid: (%s/%s) cmd: %s\n",
+ target_uname, actual_uname,
+ target_gname, actual_gname,
+ cmd);
 /*
 * Error out if attempt is made to execute as root or as
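Review bot: Both wrappers keep their whole body inside `#ifdef AP_LOG_EXEC`, as the new `log_no_err` shows and the `#endif /* AP_LOG_EXEC */` context of `log_err` suggests, so a suexec built without AP_LOG_EXEC would still exit without any message on stderr. If the stderr notice is meant to help debugging in every build, the `if (is_error)` write belongs outside the conditional section, with text that does not point to a log that does not exist in that build. At minimum a comment on `log_err`, e.g. `/* no-op unless AP_LOG_EXEC is defined, stderr notice included */`, would make the limitation visible. The start of `log_err` is outside the hunk, so its opening `#ifdef` is inferred.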