httpd-2.4.1-suenable.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18

Removes setuid check because we are now using capabilities to ensure proper
suexec rights.

Upstream-status: vendor specific.

diff --git a/os/unix/unixd.c b/os/unix/unixd.c
index 85d5a98..1ee1dfe 100644
--- httpd-2.4.1/modules/arch/unix/mod_unixd.c.suenable
+++ httpd-2.4.1/modules/arch/unix/mod_unixd.c
@@ -300,7 +300,7 @@ unixd_pre_config(apr_pool_t *pconf, apr_
     ap_unixd_config.suexec_enabled = 0;
     if ((apr_stat(&wrapper, SUEXEC_BIN, APR_FINFO_NORM, ptemp))
          == APR_SUCCESS) {
-        if ((wrapper.protection & APR_USETID) && wrapper.user == 0
+        if (wrapper.user == 0
             && (access(SUEXEC_BIN, R_OK|X_OK) == 0)) {
             ap_unixd_config.suexec_enabled = 1;
             ap_unixd_config.suexec_disabled_reason = "";