Use setusercontext() instead of the setgid/setuid dance now. This makes
suexec2 do the same thing as the in-tree suexec. Idea by f...@.
I fluked on the auto configuration stuff -- that's a rabbit hole I don't
even want to get close to.

-- 
:wq Claudio

Index: Makefile
===================================================================
RCS file: /cvs/ports/www/apache-httpd/Makefile,v
retrieving revision 1.20
diff -u -p -r1.20 Makefile
--- Makefile    15 May 2009 15:46:58 -0000      1.20
+++ Makefile    8 Jun 2009 03:17:40 -0000
@@ -3,7 +3,7 @@
 COMMENT=       apache HTTP server
 
 V=             2.2.11
-PKGNAME=       apache-httpd-${V}p0
+PKGNAME=       apache-httpd-${V}p1
 DISTNAME=      httpd-${V}
 
 CATEGORIES=    www net
Index: patches/patch-support_suexec_c
===================================================================
RCS file: patches/patch-support_suexec_c
diff -N patches/patch-support_suexec_c
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-support_suexec_c      8 Jun 2009 03:16:26 -0000
@@ -0,0 +1,38 @@
+$OpenBSD$
+--- support/suexec.c.orig      Mon Jun  8 05:07:11 2009
++++ support/suexec.c   Mon Jun  8 05:16:15 2009
+@@ -55,6 +55,12 @@
+ #include <grp.h>
+ #endif
+ 
++#define USE_SETUSERCONTEXT
++
++#if defined(USE_SETUSERCONTEXT)
++#include <login_cap.h>
++#endif
++
+ /*
+  ***********************************************************************
+  * There is no initgroups() in QNX, so I believe this is safe :-)
+@@ -466,6 +472,13 @@ int main(int argc, char *argv[])
+         exit(108);
+     }
+ 
++#if defined(USE_SETUSERCONTEXT)
++      if (setusercontext(NULL, pw, uid,
++          LOGIN_SETALL & ~(LOGIN_SETLOGIN | LOGIN_SETPATH)) != 0) {
++              log_err("emerg: failed to setusercontext (%u: %s)\n", uid, cmd);
++              exit(110);
++      }
++#else
+     /*
+      * Change UID/GID here so that the following tests work over NFS.
+      *
+@@ -484,6 +497,7 @@ int main(int argc, char *argv[])
+         log_err("failed to setuid (%ld: %s)\n", uid, cmd);
+         exit(110);
+     }
++#endif
+ 
+     /*
+      * Get the current working directory, as well as the proper
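Review bot: The `setusercontext(NULL, pw, uid, ...)` call added in main() takes the group identity from `pw`, because `LOGIN_SETALL` includes `LOGIN_SETGROUP`; the target gid that the `#else` branch's "Change UID/GID" sequence applies is therefore no longer used (that sequence lies between the inner hunks and is not shown). If, as in upstream suexec, the target group is resolved from the request and can differ from the user's primary group, the process would run with a different gid than the one later ownership checks presumably compare against; this should be confirmed against the full main(). One option is to keep the setgid/initgroups step unconditional ahead of the call and mask the flag: `LOGIN_SETALL & ~(LOGIN_SETGROUP | LOGIN_SETLOGIN | LOGIN_SETPATH)`. `LOGIN_SETALL` also applies login.conf environment, umask and resource settings, so a short comment above the call stating which of those are meant to reach CGI children would make the privilege-drop contract explicit.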
