Hi, Jeff
Your concerns are right, +1 for your patch :)

Thanks

--------------------------------------------------
From: "Jeff Trawick" <traw...@gmail.com>
Sent: Thursday, January 21, 2010 9:23 PM
To: <dev@httpd.apache.org>
Subject: Re: [mod_fcgid PATCH] catch errors from setuid()/seteuid()

> On Wed, Jan 20, 2010 at 8:19 PM, pqf <p...@mailtech.cn> wrote:
>> I man seteuid in my Linux box, there are two types of errors:
>> ERRORS
>> The seteuid() function shall fail if:
>>
>> EINVAL The value of the uid argument is invalid and is not supported
>> by the implementation.
>>
>> EPERM The process does not have appropriate privileges and uid does
>> not match the real group ID or the saved set-group-ID.
>>
>> If directly pass 0 in setuid(), EINVAL may not happen
>> If this process is seteuid from root, EPERM may not happen
>>
>> so, I think the check is just a textbook logic check?
>
> yes, until somebody changes code or some other bug results in this
> being called in a different environment
>
>> just call _exit(1) if it fails?
>
> two concerns with that minimal change:
>
> 1. seteuid() works once then fails n times now (at least on Solaris),
> so some extra logic is needed
> 2. even if these calls never fail, the presence of the exit() without
> a log message may cause somebody to lose a lot of time investigating a
> mysterious disappearance of the new process
>
> --/--
>
> I'll punt on this until after 2.3.5 since I'd like to spend the time
> to watch it work on another platform or two. (suexec is not something
> I use more than once every ~3 years, so it is worth setting up in
> multiple environments.)
>
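
The second concern in the quoted message (an exit with no log message) as an added example; it is not part of the thread and not mod_fcgid code. The names `drop_to_uid` and `child_drop_or_exit` are hypothetical, and stderr stands in for the server's error log.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not mod_fcgid code): permanently switch to `target`.
 * Returns 0 on success; on failure returns -1 and fills `msg` with the reason. */
static int drop_to_uid(uid_t target, char *msg, size_t len)
{
    if (setuid(target) == -1) {
        /* Capture errno immediately so the caller can log the real cause. */
        snprintf(msg, len, "setuid(%ld) failed: %s", (long)target, strerror(errno));
        return -1;
    }
    /* A zero return is not enough: confirm both ids really changed. */
    if (getuid() != target || geteuid() != target) {
        snprintf(msg, len, "uid is %ld/%ld after setuid(%ld)",
                 (long)getuid(), (long)geteuid(), (long)target);
        return -1;
    }
    /* For a non-root target, regaining root must no longer be possible. */
    if (target != 0 && seteuid(0) == 0) {
        snprintf(msg, len, "root still reachable after setuid(%ld)", (long)target);
        return -1;
    }
    return 0;
}

/* Child-side use: log first, then _exit(), so the process never vanishes silently. */
static void child_drop_or_exit(uid_t target)
{
    char msg[128];
    if (drop_to_uid(target, msg, sizeof msg) != 0) {
        fprintf(stderr, "spawn: %s; exiting child\n", msg); /* stand-in for the error log */
        _exit(1);
    }
}

int main(void)
{
    /* Constructed demo: dropping to our own real uid needs no privilege. */
    child_drop_or_exit(getuid());
    printf("running as uid %ld\n", (long)getuid());
    return 0;
}
```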