suEXEC: Add Suexec directive to disable suEXEC without renaming the

binary (Suexec Off), or force startup failure if suEXEC is required
but not supported (Suexec On).  Change SuexecUserGroup to fail 
startup instead of just printing a warning if suEXEC is disabled.

Additionally, ap_unixd_config.suexec_disabled_reason has a message,
suitable for logging/messaging, explaining why the feature isn't
available.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1033519 13f79535-47bb-0310-9956-ffa450edef68

CHANGES

@@ -6,6 +6,12 @@ Changes with Apache 2.3.9
      Fix a denial of service attack against mod_reqtimeout.
      [Stefan Fritsch]
 
+  *) suEXEC: Add Suexec directive to disable suEXEC without renaming the
+     binary (Suexec Off), or force startup failure if suEXEC is required
+     but not supported (Suexec On).  Change SuexecUserGroup to fail 
+     startup instead of just printing a warning if suEXEC is disabled.
+     [Jeff Trawick]
+
   *) core: Add Error directive for aborting startup or htaccess processing
      with a specified error message.  [Jeff Trawick]
 

docs/manual/mod/mod_suexec.xml

@@ -62,8 +62,11 @@ later.</compatibility>
     SuexecUserGroup nobody nogroup
     </example>
 
+    <p>In Apache httpd 2.3.9 and later, startup will fail if this
+    directive is specified but the suEXEC feature is disabled.</p>
 </usage>
-
+<seealso><directive module="mod_unixd">Suexec</directive></seealso>
 </directivesynopsis>
+
 </modulesynopsis>
 

docs/manual/mod/mod_unixd.xml

@@ -26,6 +26,8 @@
 <description>Basic (required) security for Unix-family platforms.</description>
 <status>Base</status>
 
+<seealso><a href="../suexec.html">suEXEC support</a></seealso>
+
 <directivesynopsis>
 <name>Group</name>
 <description>Group under which the server will answer
@@ -139,4 +141,21 @@ requests</description>
 </usage>
 </directivesynopsis>
 
+<directivesynopsis>
+<name>Suexec</name>
+<description>Enable or disable the suEXEC feature</description>
+<syntax>Suexec On|Off</syntax>
+<default>On if suexec binary exists with proper owner and mode,
+Off otherwise</default>
+<contextlist><context>server config</context></contextlist>
+<compatibility>Available in Apache httpd 2.3.9 and later</compatibility>
+
+<usage>
+    <p>When On, startup will fail if the suexec binary doesn't exist
+    or has an invalid owner or file mode.</p>
+    <p>When Off, suEXEC will be disabled even if the suexec binary exists
+    and has a valid owner and file mode.</p>
+</usage>
+</directivesynopsis>
+
 </modulesynopsis>

include/ap_mmn.h

@@ -282,6 +282,7 @@
  *                         mod_ssl's parser. Clean up ap_expr's public
  *                         interface.
  * 20101106.1 (2.3.9-dev)  Add ap_pool_cleanup_set_null() generic cleanup
+ * 20101106.2 (2.3.9-dev)  Add suexec_disabled_reason field to ap_unixd_config
  */
 
 #define MODULE_MAGIC_COOKIE 0x41503234UL /* "AP24" */

modules/arch/unix/mod_unixd.c

@@ -260,6 +260,28 @@ unixd_set_chroot_dir(cmd_parms *cmd, void *dummy,
     return NULL;
 }
 
+static const char *
+unixd_set_suexec(cmd_parms *cmd, void *dummy, int arg)
+{
+    const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
+
+    if (err != NULL) {
+        return err;
+    }
+
+    if (!ap_unixd_config.suexec_enabled && arg) {
+        return apr_pstrcat(cmd->pool, "suEXEC isn't supported: ",
+                           ap_unixd_config.suexec_disabled_reason, NULL);
+    }
+
+    if (!arg) {
+        ap_unixd_config.suexec_disabled_reason = "Suexec directive is Off";
+    }
+
+    ap_unixd_config.suexec_enabled = arg;
+    return NULL;
+}
+
 static int 
 unixd_pre_config(apr_pool_t *pconf, apr_pool_t *plog,
                  apr_pool_t *ptemp)
@@ -278,7 +300,16 @@ unixd_pre_config(apr_pool_t *pconf, apr_pool_t *plog,
         if ((wrapper.protection & APR_USETID) && wrapper.user == 0
             && (access(SUEXEC_BIN, R_OK|X_OK) == 0)) {
             ap_unixd_config.suexec_enabled = 1;
+            ap_unixd_config.suexec_disabled_reason = "";
         }
+        else {
+            ap_unixd_config.suexec_disabled_reason =
+                "Invalid owner or file mode for " SUEXEC_BIN;
+        }
+    }
+    else {
+        ap_unixd_config.suexec_disabled_reason =
+            "Missing suexec binary " SUEXEC_BIN;
     }
 
     ap_sys_privileges_handlers(1);
@@ -354,6 +385,8 @@ static const command_rec unixd_cmds[] = {
                   "Effective group id for this server"),
     AP_INIT_TAKE1("ChrootDir", unixd_set_chroot_dir, NULL, RSRC_CONF,
                   "The directory to chroot(2) into"),
+    AP_INIT_FLAG("Suexec", unixd_set_suexec, NULL, RSRC_CONF,
+                 "Enable or disable suEXEC support"),
     {NULL}
 };
 

modules/generators/mod_suexec.c

@@ -64,16 +64,18 @@ static const char *set_suexec_ugid(cmd_parms *cmd, void *mconfig,
     if (err != NULL) {
         return err;
     }
-    if (ap_unixd_config.suexec_enabled) {
+
-        cfg->ugid.uid = ap_uname2id(uid);
+    if (!ap_unixd_config.suexec_enabled) {
-        cfg->ugid.gid = ap_gname2id(gid);
+        return apr_pstrcat(cmd->pool, "SuexecUserGroup configured, but "
-        cfg->ugid.userdir = 0;
+                           "suEXEC is disabled: ",
-        cfg->active = 1;
+                           ap_unixd_config.suexec_disabled_reason, NULL);
-    }
-    else {
-        fprintf(stderr,
-                "Warning: SuexecUserGroup directive requires SUEXEC wrapper.\n");
     }
+
+    cfg->ugid.uid = ap_uname2id(uid);
+    cfg->ugid.gid = ap_gname2id(gid);
+    cfg->ugid.userdir = 0;
+    cfg->active = 1;
+
     return NULL;
 }
 

os/unix/unixd.h

@@ -77,6 +77,7 @@ typedef struct {
     gid_t group_id;
     int suexec_enabled;
     const char *chroot_dir;
+    const char *suexec_disabled_reason; /* suitable msg if !suexec_enabled */
 } unixd_config_rec;
 AP_DECLARE_DATA extern unixd_config_rec ap_unixd_config;