--- httpd/mod_fcgid/trunk/modules/fcgid/fcgid_proc_unix.c 2009/10/08 14:32:38 823190 +++ httpd/mod_fcgid/trunk/modules/fcgid/fcgid_proc_unix.c 2009/10/08 14:35:13 823191 @@ -259,6 +259,17 @@ return errno; }+ /* IPC directory permissions are safe, but avoid confusion */ + /* Not all flavors of unix use the current umask for AF_UNIX perms */ + + rv = apr_file_perms_set(unix_addr.sun_path, APR_FPROT_UREAD|APR_FPROT_UWRITE|APR_FPROT_UEXECUTE); + if (rv != APR_SUCCESS) { + ap_log_error(APLOG_MARK, APLOG_CRIT, rv, main_server, + "mod_fcgid: Couldn't set permissions on unix domain socket %s", + unix_addr.sun_path); + return rv; + } + /* Listen the socket */ if (listen(unix_socket, DEFAULT_FCGID_LISTENBACKLOG) < 0) { ap_log_error(APLOG_MARK, APLOG_ERR, errno, main_server,
This change breaks compatibility with old APR versions. Attached patch seems to fix it for me.
Paul.
Index: modules/fcgid/fcgid_proc_unix.c =================================================================== --- modules/fcgid/fcgid_proc_unix.c (revision 827986) +++ modules/fcgid/fcgid_proc_unix.c (working copy) @@ -43,6 +43,17 @@ #include "fcgid_pm.h" #include "fcgid_spawn_ctl.h" +/* apr forward compatibility */ +#ifndef APR_FPROT_UWRITE +#define APR_FPROT_UWRITE APR_UWRITE +#endif +#ifndef APR_FPROT_UREAD +#define APR_FPROT_UREAD APR_UREAD +#endif +#ifndef APR_FPROT_UEXECUTE +#define APR_FPROT_UEXECUTE APR_UEXECUTE +#endif + #if MODULE_MAGIC_NUMBER_MAJOR < 20081201 #define ap_unixd_config unixd_config // #define ap_unixd_setup_child unixd_setup_child
