From 5c1dcb86b3e23d89549cb2bad490ed2e199fd395 Mon Sep 17 00:00:00 2001
From: Eric Covener <covener@apache.org>
Date: Thu, 8 May 2008 00:09:53 +0000
Subject: [PATCH] *) mod_cgid: Explicitly set permissions of the socket
 (ScriptSock) shared by    mod_cgid and request processing threads, for OS'es
 such as HPUX and AIX    that do not use umask for AF_UNIX socket permissions.
    [Eric Covener, Jeff Trawick]

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@654332 13f79535-47bb-0310-9956-ffa450edef68
---
 CHANGES                       |  5 +++++
 modules/generators/mod_cgid.c | 10 ++++++++++
 2 files changed, 15 insertions(+)

diff --git a/CHANGES b/CHANGES
index bdb4c6a147..09ac6fa9d2 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,11 @@
 Changes with Apache 2.3.0
 [ When backported to 2.2.x, remove entry from this file ]
 
+  *) mod_cgid: Explicitly set permissions of the socket (ScriptSock) shared by
+     mod_cgid and request processing threads, for OS'es such as HPUX and AIX
+     that do not use umask for AF_UNIX socket permissions.
+     [Eric Covener, Jeff Trawick]
+
   *) mod_cgid: Don't try to restart the daemon if it fails to initialize
      the socket.  [Jeff Trawick]
 
diff --git a/modules/generators/mod_cgid.c b/modules/generators/mod_cgid.c
index 670a4734b1..c825e3680f 100644
--- a/modules/generators/mod_cgid.c
+++ b/modules/generators/mod_cgid.c
@@ -573,6 +573,7 @@ static int cgid_server(void *data)
     apr_pool_t *ptrans;
     server_rec *main_server = data;
     apr_hash_t *script_hash = apr_hash_make(pcgi);
+    apr_status_t rv;
 
     apr_pool_create(&ptrans, pcgi);
 
@@ -607,6 +608,15 @@ static int cgid_server(void *data)
         return errno;
     }
 
+    /* Not all flavors of unix use the current umask for AF_UNIX perms */
+    rv = apr_file_perms_set(sockname, APR_FPROT_UREAD|APR_FPROT_UWRITE|APR_FPROT_UEXECUTE);
+    if (rv != APR_SUCCESS) {
+        ap_log_error(APLOG_MARK, APLOG_CRIT, rv, main_server,
+                     "Couldn't set permissions on unix domain socket %s",
+                     sockname);
+        return rv;
+    }
+
     if (listen(sd, DEFAULT_CGID_LISTENBACKLOG) < 0) {
         ap_log_error(APLOG_MARK, APLOG_ERR, errno, main_server,
                      "Couldn't listen on unix domain socket");
-- 
2.40.0