You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by co...@apache.org on 2009/10/08 16:35:13 UTC
svn commit: r823191 - /httpd/mod_fcgid/trunk/modules/fcgid/fcgid_proc_unix.c
Author: covener
Date: Thu Oct 8 14:35:13 2009
New Revision: 823191
URL: http://svn.apache.org/viewvc?rev=823191&view=rev
Log:
explicitly set the permissions of AF_UNIX sockets, as in mod_cgid r654332,
despite logs/fcgidsock/ having tighter permissions already.
http://svn.apache.org/viewvc?view=rev&revision=654332
Modified:
httpd/mod_fcgid/trunk/modules/fcgid/fcgid_proc_unix.c
Modified: httpd/mod_fcgid/trunk/modules/fcgid/fcgid_proc_unix.c
URL: http://svn.apache.org/viewvc/httpd/mod_fcgid/trunk/modules/fcgid/fcgid_proc_unix.c?rev=823191&r1=823190&r2=823191&view=diff
==============================================================================
--- httpd/mod_fcgid/trunk/modules/fcgid/fcgid_proc_unix.c (original)
+++ httpd/mod_fcgid/trunk/modules/fcgid/fcgid_proc_unix.c Thu Oct 8 14:35:13 2009
@@ -259,6 +259,17 @@
return errno;
}
+ /* IPC directory permissions are safe, but avoid confusion */
+ /* Not all flavors of unix use the current umask for AF_UNIX perms */
+
+ rv = apr_file_perms_set(unix_addr.sun_path, APR_FPROT_UREAD|APR_FPROT_UWRITE|APR_FPROT_UEXECUTE);
+ if (rv != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_CRIT, rv, main_server,
+ "mod_fcgid: Couldn't set permissions on unix domain socket %s",
+ unix_addr.sun_path);
+ return rv;
+ }
+
/* Listen the socket */
if (listen(unix_socket, DEFAULT_FCGID_LISTENBACKLOG) < 0) {
ap_log_error(APLOG_MARK, APLOG_ERR, errno, main_server,