Index: trunk/server/common/patches/httpd-suexec-scripts.patch =================================================================== --- trunk/server/common/patches/httpd-suexec-scripts.patch (revision 1169) +++ trunk/server/common/patches/httpd-suexec-scripts.patch (revision 1259) @@ -45,6 +45,6 @@ APACHE_HELP_STRING(--with-suexec-docroot,SuExec root directory),[ AC_DEFINE_UNQUOTED(AP_DOC_ROOT, "$withval", [SuExec root directory] ) ] ) ---- httpd-2.2.2/support/suexec.c.old 2006-04-21 21:53:06.000000000 -0400 -+++ httpd-2.2.2/support/suexec.c 2007-05-22 10:32:04.000000000 -0400 +--- httpd-2.2.11/support/suexec.c.old 2008-11-30 10:47:31.000000000 -0500 ++++ httpd-2.2.11/support/suexec.c 2009-06-08 09:02:17.000000000 -0400 @@ -30,6 +30,9 @@ * @@ -57,5 +57,5 @@ #include "ap_config.h" #include "suexec.h" -@@ -46,6 +48,7 @@ +@@ -46,6 +49,7 @@ #include #include @@ -65,5 +65,5 @@ #ifdef HAVE_PWD_H #include -@@ -95,6 +98,7 @@ +@@ -95,6 +99,7 @@ { /* variable name starts with */ @@ -146,8 +146,8 @@ clean_env(); + setenv("JAVA_TOOL_OPTIONS", "-Xmx128M", 1); /* scripts.mit.edu local hack */ - + prog = argv[0]; /* -@@ -350,6 +406,20 @@ +@@ -350,6 +414,20 @@ #endif /*_OSD_POSIX*/ @@ -170,5 +170,5 @@ * or attempts to back up out of the current directory, * to protect against attacks. If any are -@@ -371,6 +441,7 @@ +@@ -371,6 +449,7 @@ userdir = 1; } @@ -178,5 +178,5 @@ * Error out if the target username is invalid. */ -@@ -450,7 +521,7 @@ +@@ -452,7 +531,7 @@ * Error out if attempt is made to execute as root or as * a UID less than AP_UID_MIN. Tsk tsk. @@ -187,5 +187,5 @@ exit(107); } -@@ -482,6 +553,21 @@ +@@ -484,6 +563,21 @@ log_err("failed to setuid (%ld: %s)\n", uid, cmd); exit(110); @@ -209,5 +209,5 @@ /* * Get the current working directory, as well as the proper -@@ -504,6 +588,21 @@ +@@ -506,6 +600,21 @@ log_err("cannot get docroot information (%s)\n", target_homedir); exit(112); @@ -231,5 +231,5 @@ else { if (((chdir(AP_DOC_ROOT)) != 0) || -@@ -530,15 +629,17 @@ +@@ -532,15 +641,17 @@ /* * Error out if cwd is writable by others. @@ -250,5 +250,5 @@ exit(117); } -@@ -546,10 +647,12 @@ +@@ -548,10 +659,12 @@ /* * Error out if the program is writable by others. @@ -263,5 +263,5 @@ /* * Error out if the file is setuid or setgid. -@@ -563,6 +666,7 @@ +@@ -565,6 +678,7 @@ * Error out if the target name/group is different from * the name/group of the cwd or the program. @@ -271,5 +271,5 @@ (gid != dir_info.st_gid) || (uid != prg_info.st_uid) || -@@ -574,12 +678,14 @@ +@@ -576,16 +690,33 @@ prg_info.st_uid, prg_info.st_gid); exit(120); @@ -287,13 +287,10 @@ exit(121); } -@@ -606,6 +711,21 @@ - exit(122); - } + if (is_static_extension(cmd)) { + argv[2] = STATIC_CAT_PATH; + execv(STATIC_CAT_PATH, &argv[2]); -+ log_err("(%d)%s: static_cat exec failed (%s)\n", errno, strerror(errno), argv[2]); -+ exit(255); ++ log_err("(%d)%s: static_cat exec failed (%s)\n", errno, strerror(errno), argv[2]); ++ exit(255); + } + if (is_php_extension(cmd)) { @@ -302,9 +299,9 @@ + argv[2] = "-f"; + execv(PHP_PATH, &argv[1]); -+ log_err("(%d)%s: php exec failed (%s)\n", errno, strerror(errno), argv[2]); -+ exit(255); -+ } -+ - /* - * Execute the command, replacing our image with its own. - */ ++ log_err("(%d)%s: php exec failed (%s)\n", errno, strerror(errno), argv[2]); ++ exit(255); ++ } ++ + #ifdef AP_SUEXEC_UMASK + /* + * umask() uses inverse logic; bits are CLEAR for allowed access.