Subject: pkg/14973: Add support for tuning Apache SuExec UID/GID
To: None <gnats-bugs@gnats.netbsd.org>
From: None <eric@cirr.com>
List: netbsd-bugs
Date: 12/16/2001 21:58:46
>Number:         14973
>Category:       pkg
>Synopsis:       Adding support for tuning apache suexec UID/GID
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Sun Dec 16 19:59:00 PST 2001
>Closed-Date:
>Last-Modified:
>Originator:     Eric Schnoebelen
>Release:        2001/12/16
>Organization:
	Central Iowa (Model) Railroad
>Environment:
System: NetBSD ihnp4 1.4 NetBSD 1.4 (GENERIC_SCSI3) #0: Sun May 9 04:05:20 MEST 1999 pk@flambard:/usr/src/sys/arch/sparc/compile/GENERIC_SCSI3 sparc


>Description:
	Add support for altering the suexec minimum UID and GID in apache.
>How-To-Repeat:
	
>Fix:
cvs server: Diffing mk
Index: mk/bsd.pkg.defaults.mk
===================================================================
RCS file: /cvsroot/pkgsrc/mk/bsd.pkg.defaults.mk,v
retrieving revision 1.25
diff -b -u -w -r1.25 bsd.pkg.defaults.mk
--- bsd.pkg.defaults.mk	2001/12/15 20:25:37	1.25
+++ bsd.pkg.defaults.mk	2001/12/17 03:57:08
@@ -386,6 +386,16 @@
 # Possible: Any valid directory                                              
 # Default: ${LOCALBASE}/share/httpd/htdocs                                   
 
+#APACHE_SUEXEC_UIDMIN?= 100
+# Specifies the minimum UID suexec is allowed to switch to
+# possible: any uid
+# Default: 100
+
+#APACHE_SUEXEC_GIDMIN?= 100
+# Specifies the minimum GID suexec is allowed to switch to
+# possible: any uid
+# Default: 100
+
 APACHE_USER?=	www
 # Used in the apache package to specify the user allowed to execute
 # the `suexec' wrapper.
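Review bot: The comment under APACHE_SUEXEC_GIDMIN says "possible: any uid", copied from the UIDMIN entry above it; it should read "any gid". Both new blocks also spell "possible:" in lower case, while the existing entry in the context lines uses "Possible:". Because these settings are the lowest UID and GID suexec is allowed to switch to, "any uid" is too loose as documentation: the comment should say that lowering the value below the default of 100 lets suexec run CGI programs as lower-numbered accounts, so that anyone overriding it sees what the limit protects.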
Index: www/apache/Makefile
===================================================================
RCS file: /cvsroot/pkgsrc/www/apache/Makefile,v
retrieving revision 1.85
diff -b -u -w -r1.85 Makefile
--- Makefile	2001/12/02 06:56:45	1.85
+++ Makefile	2001/12/17 03:57:09
@@ -43,11 +43,15 @@
 
 .if defined(APACHE_SUEXEC) && ${APACHE_SUEXEC} == YES
 APACHE_USER?=		www
+APACHE_SUEXEC_UIDMIN?=	100
+APACHE_SUEXEC_GIDMIN?=	100
 APACHE_SUEXEC_DOCROOT?=	${LOCALBASE}/share/httpd/htdocs
 SUEXEC_PATH=		/bin:/usr/bin:${PREFIX}/bin:/usr/local/bin
 CONFIGURE_ARGS+=	--enable-suexec 				\
 			--suexec-caller=${APACHE_USER}			\
 			--suexec-safepath='${SUEXEC_PATH}'		\
+		        --suexec-uidmin=${APACHE_SUEXEC_UIDMIN}		\
+		        --suexec-gidmin=${APACHE_SUEXEC_GIDMIN}		\
 			--suexec-docroot=${APACHE_SUEXEC_DOCROOT}
 PLIST_SRC=		${PKGDIR}/PLIST.suexec
 BUILD_DEFS+=		APACHE_USER APACHE_SUEXEC_DOCROOT
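Review bot: BUILD_DEFS in the last context line still lists only APACHE_USER and APACHE_SUEXEC_DOCROOT, so the two new variables that now feed --suexec-uidmin and --suexec-gidmin are not recorded with the built package; add APACHE_SUEXEC_UIDMIN and APACHE_SUEXEC_GIDMIN to that line so the limits a binary was compiled with can be checked later. The two added CONFIGURE_ARGS lines are also indented with tabs followed by spaces, unlike the tab-only continuation lines around them.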
>Release-Note:
>Audit-Trail:
>Unformatted: