2 files changed, 58 insertions, 0 deletions

diff --git a/www/apache20/Makefile b/www/apache20/Makefile
index 07ea290dbab5..33235686ccac 100644
--- a/www/apache20/Makefile
+++ b/www/apache20/Makefile
@@ -68,6 +68,14 @@ USE_BZIP2=		yes
 
 MPM_ITK_VERSION?=	20061030-01
 
+.if defined(WITH_SUEXEC_RSRCLIMIT)
+EXTRA_PATCHES+= ${FILESDIR}/extra-patch-suexec_rsrclimit
+.if !defined(WITH_SUEXEC)
+IGNORE=         suEXEC resource limit patch requires mod_suexec.\
+                Please add 'WITH_SUEXEC=YES' to you /etc/make.conf
+.endif
+.endif
+
 CONFIGURE_ARGS=	--prefix=${PREFIX_RELDEST} \
 		--enable-layout=FreeBSD \
 		--with-perl=${PERL5} \
diff --git a/www/apache20/files/extra-patch-suexec_rsrclimit b/www/apache20/files/extra-patch-suexec_rsrclimit
new file mode 100644
index 000000000000..f6ef9d765cf5
--- /dev/null
+++ b/www/apache20/files/extra-patch-suexec_rsrclimit
@@ -0,0 +1,50 @@
+diff -Nru support/Makefile.in.orig1 support/Makefile.in
+--- support/Makefile.in.orig1	2010-05-14 10:05:11.000000000 +0400
++++ support/Makefile.in	2010-05-14 10:05:41.000000000 +0400
+@@ -57,7 +57,7 @@
+ 
+ suexec_OBJECTS = suexec.lo
+ suexec: $(suexec_OBJECTS)
+-	$(LINK) $(suexec_OBJECTS)
++	$(LINK) -lutil $(suexec_OBJECTS)
+ 
+ httxt2dbm_OBJECTS = httxt2dbm.lo
+ httxt2dbm: $(httxt2dbm_OBJECTS)
+diff -Nru support/suexec.c.orig1 support/suexec.c
+--- support/suexec.c.orig1	2006-07-12 11:40:55.000000000 +0400
++++ support/suexec.c	2010-05-14 10:05:41.000000000 +0400
+@@ -37,6 +37,7 @@
+ #include <sys/param.h>
+ #include <sys/stat.h>
+ #include <sys/types.h>
++#include <login_cap.h>
+ #include <string.h>
+ #include <time.h>
+ #if APR_HAVE_UNISTD_H
+@@ -242,6 +243,7 @@
+     char *cmd;              /* command to be executed    */
+     char cwd[AP_MAXPATH];   /* current working directory */
+     char dwd[AP_MAXPATH];   /* docroot working directory */
++    login_cap_t *lc;        /* user resource limits      */
+     struct passwd *pw;      /* password entry holder     */
+     struct group *gr;       /* group entry holder        */
+     struct stat dir_info;   /* directory info holder     */
+@@ -448,6 +450,18 @@
+     }
+ 
+     /*
++     * Apply user resource limits based on login class.
++     */
++    if ((lc = login_getclassbyname(pw->pw_class, pw)) == NULL) {
++               log_err("failed to login_getclassbyname()\n");
++               exit(109);
++       }
++       if ((setusercontext(lc, pw, uid, LOGIN_SETRESOURCES)) != 0) {
++               log_err("failed to setusercontext()\n");
++               exit(109);
++       }
++
++    /*
+      * Change UID/GID here so that the following tests work over NFS.
+      *
+      * Initialize the group access list for the target user,