From 777f02ed581cd3525c8ae81f1d24ac312cbdb6f8 Mon Sep 17 00:00:00 2001
From: Nick Kew
Date: Sun, 5 Jul 2009 23:10:30 +0000
Subject: [PATCH] Correctly set suexec_enabled when httpd is run by non-root PR 42175
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@791337 13f79535-47bb-0310-9956-ffa450edef68
---
 CHANGES | 4 ++++
 modules/arch/unix/mod_unixd.c | 3 ++-
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/CHANGES b/CHANGES
index 9ddb556e7e..93d9f0c1f0 100644
--- a/CHANGES
+++ b/CHANGES
@@ -10,6 +10,10 @@ Changes with Apache 2.3.3
 *) SECURITY: CVE-2009-1191 (cve.mitre.org) mod_proxy_ajp: Avoid delivering content from a previous request which failed to send a request body. PR 46949 [Ruediger Pluem]
+
+ *) mod_suexec: correctly set suexec_enabled when httpd is run by a
+ non-root user and may have insufficient permissions.
+ PR 42175 [Jim Radford ]
 *) mod_ssl: Fix SSL_*_DN_UID variables to use the 'userID' attribute type. PR 45107. [Michael Ströder ,
diff --git a/modules/arch/unix/mod_unixd.c b/modules/arch/unix/mod_unixd.c
index 31dec8568c..bb4c6788e2 100644
--- a/modules/arch/unix/mod_unixd.c
+++ b/modules/arch/unix/mod_unixd.c
@@ -272,7 +272,8 @@ unixd_pre_config(apr_pool_t *pconf, apr_pool_t *plog,
 ap_unixd_config.suexec_enabled = 0; if ((apr_stat(&wrapper, SUEXEC_BIN, APR_FINFO_NORM, ptemp)) == APR_SUCCESS) {
- if ((wrapper.protection & APR_USETID) && wrapper.user == 0) {
+ if ((wrapper.protection & APR_USETID) && wrapper.user == 0
+ && (access(SUEXEC_BIN, R_OK|X_OK) == 0)) {
 ap_unixd_config.suexec_enabled = 1; } }
--
2.50.1
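Review bot: The new `access(SUEXEC_BIN, R_OK|X_OK)` term in the inner `if` of the mod_unixd.c hunk turns suexec off without any trace when it fails, so an operator whose wrapper is setuid root but not accessible to the invoking user gets no hint why per-user execution is unavailable; an `else` branch that logs which condition failed would make this visible. The check also requires `R_OK`, which is more than executing the wrapper needs, so an execute-only install (constructed example: mode 4111) would be treated as unusable for a non-root httpd; if that is intended, a comment such as `/* suexec is usable only if the invoking user can read and execute the wrapper (PR 42175) */` should say so. `access()` tests the real uid at pre-config time and the result is cached in `suexec_enabled`, so the flag describes the starting identity and is not re-checked when the wrapper is later executed. The body of `unixd_pre_config` starts and ends outside the hunk.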