[httpd] - drop setuid bit, use capabilities for suexec binary
jorton
jorton at fedoraproject.org
Sat Nov 20 15:09:21 UTC 2010
commit 38e4a75911f3749a906d2ec41b3b48f622abab5d
Author: Joe Orton <jorton at redhat.com>
Date: Sat Nov 20 15:09:16 2010 +0000
- drop setuid bit, use capabilities for suexec binary
httpd.spec | 7 +++++--
1 files changed, 5 insertions(+), 2 deletions(-)
---
diff --git a/httpd.spec b/httpd.spec
index 7b50301..04804ad 100644
--- a/httpd.spec
+++ b/httpd.spec
@@ -7,7 +7,7 @@
Summary: Apache HTTP Server
Name: httpd
Version: 2.2.17
-Release: 1%{?dist}
+Release: 2%{?dist}
URL: http://httpd.apache.org/
Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
Source1: index.html
@@ -422,7 +422,7 @@ rm -rf $RPM_BUILD_ROOT
%{_sbindir}/ht*
%{_sbindir}/apachectl
%{_sbindir}/rotatelogs
-%attr(4510,root,%{suexec_caller}) %{_sbindir}/suexec
+%caps(cap_setuid,cap_setgid+pe) %attr(510,root,%{suexec_caller}) %{_sbindir}/suexec
%dir %{_libdir}/httpd
%dir %{_libdir}/httpd/modules
@@ -479,6 +479,9 @@ rm -rf $RPM_BUILD_ROOT
%{_libdir}/httpd/build/*.sh
%changelog
+* Sat Nov 20 2010 Joe Orton <jorton at redhat.com> - 2.2.17-2
+- drop setuid bit, use capabilities for suexec binary
+
* Wed Oct 27 2010 Joe Orton <jorton at redhat.com> - 2.2.17-1
- update to 2.2.17
More information about the scm-commits
mailing list