rpms / httpd

Clone
Source Code
GIT

Blame SOURCES/httpd-2.4.37-mod-md-perms.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8-beta-stream-2.4 c8-sig-artwork c8-stream-2.4 c8s-stream-2.4 c9 c9-beta
  1.   ba31cb1807cc33d4d992d014fa7b3e93606ca5cc
  2.   SOURCES
  3.   httpd-2.4.37-mod-md-perms.patch
Blob History Raw
bdaebd 
diff --git a/modules/md/mod_md_os.c b/modules/md/mod_md_os.c
bdaebd 
index f96d566..8df0248 100644
bdaebd 
--- a/modules/md/mod_md_os.c
bdaebd 
+++ b/modules/md/mod_md_os.c
bdaebd 
@@ -41,14 +41,20 @@
bdaebd
bdaebd 
 apr_status_t md_try_chown(const char *fname, unsigned int uid, int gid, apr_pool_t *p)
bdaebd 
 {
bdaebd 
-#if AP_NEED_SET_MUTEX_PERMS
bdaebd 
-    if (-1 == chown(fname, (uid_t)uid, (gid_t)gid)) {
bdaebd 
-        apr_status_t rv = APR_FROM_OS_ERROR(errno);
bdaebd 
-        if (!APR_STATUS_IS_ENOENT(rv)) {
bdaebd 
-            ap_log_perror(APLOG_MARK, APLOG_ERR, rv, p, APLOGNO(10082)
bdaebd 
-                         "Can't change owner of %s", fname);
bdaebd 
+#if AP_NEED_SET_MUTEX_PERMS && HAVE_UNISTD_H
bdaebd 
+    /* Since we only switch user when running as root, we only need to chown directories
bdaebd 
+     * in that case. Otherwise, the server will ignore any "user/group" directives and
bdaebd 
+     * child processes have the same privileges as the parent.
bdaebd 
+     */
bdaebd 
+    if (!geteuid()) {
bdaebd 
+        if (-1 == chown(fname, (uid_t)uid, (gid_t)gid)) {
bdaebd 
+            apr_status_t rv = APR_FROM_OS_ERROR(errno);
bdaebd 
+            if (!APR_STATUS_IS_ENOENT(rv)) {
bdaebd 
+                ap_log_perror(APLOG_MARK, APLOG_ERR, rv, p, APLOGNO(10082)
bdaebd 
+                              "Can't change owner of %s", fname);
bdaebd 
+            }
bdaebd 
+            return rv;
bdaebd 
         }
bdaebd 
-        return rv;
bdaebd 
     }
bdaebd 
     return APR_SUCCESS;
bdaebd 
 #else
bdaebd 
@@ -58,11 +64,7 @@ apr_status_t md_try_chown(const char *fname, unsigned int uid, int gid, apr_pool
bdaebd
bdaebd 
 apr_status_t md_make_worker_accessible(const char *fname, apr_pool_t *p)
bdaebd 
 {
bdaebd 
-#if AP_NEED_SET_MUTEX_PERMS
bdaebd 
     return md_try_chown(fname, ap_unixd_config.user_id, -1, p);
bdaebd 
-#else
bdaebd 
-    return APR_ENOTIMPL;
bdaebd 
-#endif
bdaebd 
 }
bdaebd
bdaebd 
 #ifdef WIN32

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation