Bring forward the suexec umask setting option from 1.3, and

	also fix some configure.in bits that would define macros
	that needed to be numbers as strings instead.

Obtained from:	Apache HTTP Server 1.3


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@88493 13f79535-47bb-0310-9956-ffa450edef68

1 files changed, 14 insertions, 4 deletions

diff --git a/support/suexec.c b/support/suexec.c
index 882608ca6f..8550ba9abe 100644
--- a/support/suexec.c
+++ b/support/suexec.c
@@ -301,11 +301,11 @@ int main(int argc, char *argv[])
 #ifdef AP_LOG_EXEC
         fprintf(stderr, " -D AP_LOG_EXEC=\"%s\"\n", AP_LOG_EXEC);
 #endif
-#ifdef SAFE_PATH
-        fprintf(stderr, " -D SAFE_PATH=\"%s\"\n", SAFE_PATH);
+#ifdef AP_SAFE_PATH
+        fprintf(stderr, " -D AP_SAFE_PATH=\"%s\"\n", AP_SAFE_PATH);
 #endif
-#ifdef SUEXEC_UMASK
-        fprintf(stderr, " -D SUEXEC_UMASK=%03o\n", SUEXEC_UMASK);
+#ifdef AP_SUEXEC_UMASK
+        fprintf(stderr, " -D AP_SUEXEC_UMASK=%03o\n", AP_SUEXEC_UMASK);
 #endif
 #ifdef AP_UID_MIN
         fprintf(stderr, " -D AP_UID_MID=%d\n", AP_UID_MIN);
@@ -580,6 +580,16 @@ int main(int argc, char *argv[])
 	exit(121);
     }
 
+#ifdef AP_SUEXEC_UMASK
+    /*
+     * umask() uses inverse logic; bits are CLEAR for allowed access.
+     */
+    if ((~AP_SUEXEC_UMASK) & 0022) {
+        log_err("notice: AP_SUEXEC_UMASK of %03o allows "
+                "write permission to group and/or other\n", AP_SUEXEC_UMASK);
+    }
+    umask(AP_SUEXEC_UMASK);
+#endif /* AP_SUEXEC_UMASK */
     clean_env();
 
     /*