You are viewing a plain text version of this content. The canonical link for it is here.

Posted to cvs@httpd.apache.org by co...@apache.org on 2009/10/08 16:35:13 UTC

svn commit: r823191 - /httpd/mod_fcgid/trunk/modules/fcgid/fcgid_proc_unix.c

Author: covener
Date: Thu Oct  8 14:35:13 2009
New Revision: 823191

URL: http://svn.apache.org/viewvc?rev=823191&view=rev
Log:
explicitly set the permissions of AF_UNIX sockets, as in mod_cgid r654332,
despite logs/fcgidsock/ having tighter permissions already.

http://svn.apache.org/viewvc?view=rev&revision=654332


Modified:
    httpd/mod_fcgid/trunk/modules/fcgid/fcgid_proc_unix.c

Modified: httpd/mod_fcgid/trunk/modules/fcgid/fcgid_proc_unix.c
URL: http://svn.apache.org/viewvc/httpd/mod_fcgid/trunk/modules/fcgid/fcgid_proc_unix.c?rev=823191&r1=823190&r2=823191&view=diff
==============================================================================
--- httpd/mod_fcgid/trunk/modules/fcgid/fcgid_proc_unix.c (original)
+++ httpd/mod_fcgid/trunk/modules/fcgid/fcgid_proc_unix.c Thu Oct  8 14:35:13 2009
@@ -259,6 +259,17 @@
         return errno;
     }
 
+    /* IPC directory permissions are safe, but avoid confusion */
+    /* Not all flavors of unix use the current umask for AF_UNIX perms */
+
+    rv = apr_file_perms_set(unix_addr.sun_path, APR_FPROT_UREAD|APR_FPROT_UWRITE|APR_FPROT_UEXECUTE);
+    if (rv != APR_SUCCESS) {
+        ap_log_error(APLOG_MARK, APLOG_CRIT, rv, main_server,
+                     "mod_fcgid: Couldn't set permissions on unix domain socket %s",
+                     unix_addr.sun_path);
+        return rv;
+    }
+
     /* Listen the socket */
     if (listen(unix_socket, DEFAULT_FCGID_LISTENBACKLOG) < 0) {
         ap_log_error(APLOG_MARK, APLOG_ERR, errno, main_server,