Re: [users@httpd] suEXEC verbosity

Fabio Corazza wrote:
[snip]
> Everything is fine except the verbosity of the suEXEC mechanism, which
> writes a notice for every request that is passed to the CGI:
[snip]

With the help of a colleague we wrote a patch to get rid of the excessive
verbosity of suEXEC, for those who intend to run it on high-load web
servers with a lot of requests going through the invoked script (it may
be desirable not to have 4 lines printed to the log for every request).

Basically we suppress the output that is generated every time that the
script is invoked (we just open the file), and we suppress the umask
notice as well.

It didn't produce any nasty effect in our environment.

Any comment is appreciated.



Regards,

-- 
Fabio Corazza - Engineering
NewBay Software, Ltd.
Wilson House, Fenian Street, Dublin 2, Ireland
Phone: +353 1 634 5490 - e-mail: fabio@xxxxxxxxxx
--- httpd-2.2.3/support/suexec.c	2006-07-12 04:38:44.000000000 +0100
+++ httpd-2.2.3.suexecmod/support/suexec.c	2006-10-03 18:05:49.000000000 +0100
@@ -143,13 +143,9 @@ static const char *const safe_env_lst[] 
     NULL
 };
 
-
-static void err_output(int is_error, const char *fmt, va_list ap)
+static void suexec_open_logs()
 {
 #ifdef AP_LOG_EXEC
-    time_t timevar;
-    struct tm *lt;
-
     if (!log) {
         if ((log = fopen(AP_LOG_EXEC, "a")) == NULL) {
             fprintf(stderr, "suexec failure: could not open log file\n");
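
Review bot: the new definition `static void suexec_open_logs()` uses an empty parameter list, which in C leaves the arguments unspecified rather than declaring none; write it as `static void suexec_open_logs(void)` so that a call with arguments is rejected by the compiler. A one-line comment above it saying that it opens AP_LOG_EXEC once and exits on failure would also help, since the function is now called from two places.
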
@@ -157,6 +153,17 @@ static void err_output(int is_error, con
             exit(1);
         }
     }
+#endif /* AP_LOG_EXEC */
+    return;
+}
+
+static void err_output(int is_error, const char *fmt, va_list ap)
+{
+#ifdef AP_LOG_EXEC
+    time_t timevar;
+    struct tm *lt;
+
+    suexec_open_logs();
 
     if (is_error) {
         fprintf(stderr, "suexec policy violation: see suexec log for more "
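
Review bot: the bare `return;` after `#endif /* AP_LOG_EXEC */` at the end of suexec_open_logs() is redundant in a void function and can be dropped. When AP_LOG_EXEC is not defined the function body is then empty, which is fine, but say so in a comment so the no-op build is clearly intentional.
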
@@ -441,10 +448,7 @@ int main(int argc, char *argv[])
      * Log the transaction here to be sure we have an open log
      * before we setuid().
      */
-    log_no_err("uid: (%s/%s) gid: (%s/%s) cmd: %s\n",
-               target_uname, actual_uname,
-               target_gname, actual_gname,
-               cmd);
+    suexec_open_logs();
 
     /*
      * Error out if attempt is made to execute as root or as
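
Review bot: replacing the `log_no_err("uid: (%s/%s) gid: (%s/%s) cmd: %s\n", ...)` call with `suexec_open_logs();` removes the only per-invocation record of which target and actual user and group ran which command, and for a wrapper that goes on to call setuid() that line is the audit trail. Consider keeping it behind a compile-time switch that defaults to logging, so high-load sites can opt out without losing it for everyone. The comment just above still says "Log the transaction here", which no longer matches the code; reword it to say the log is opened before setuid().
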
@@ -588,11 +592,7 @@ int main(int argc, char *argv[])
     /*
      * umask() uses inverse logic; bits are CLEAR for allowed access.
      */
-    if ((~AP_SUEXEC_UMASK) & 0022) {
-        log_err("notice: AP_SUEXEC_UMASK of %03o allows "
-                "write permission to group and/or other\n", AP_SUEXEC_UMASK);
-    }
-    umask(AP_SUEXEC_UMASK);
+     umask(AP_SUEXEC_UMASK);
 #endif /* AP_SUEXEC_UMASK */
 
     /*
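
Review bot: dropping the `if ((~AP_SUEXEC_UMASK) & 0022)` notice in this hunk silences the only warning that the configured umask allows group or other write permission. Since AP_SUEXEC_UMASK is a build-time constant, the same condition could be checked once when suexec is built instead of on every request, which keeps the warning and still removes the per-request log line. The replacement line `+     umask(AP_SUEXEC_UMASK);` is also indented by five spaces where the surrounding code uses four.
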

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
