File 0012-Update-suexec-to-allow-execution-for-httpusergroup-m.patch of Package ea-apache2

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Cory McIntire <cory@cpanel.net>
Date: Thu, 12 Jul 2018 15:46:51 -0500
Subject: [PATCH 12/21] Update suexec to allow execution for httpusergroup
 members

---
 support/suexec.c | 33 +++++++++++++++++++++++++++++++--
 1 file changed, 31 insertions(+), 2 deletions(-)

diff --git a/support/suexec.c b/support/suexec.c
index ab200fb..04e6a08 100644
--- a/support/suexec.c
+++ b/support/suexec.c
@@ -267,6 +267,25 @@ static void clean_env(void)
     environ = cleanenv;
 }
 
+static int is_group_member( const char *uname, gid_t gid ) {
+    struct group *g;
+    char **members;
+
+    g = getgrgid( gid );
+    if ( g == NULL ) {
+        log_err("crit: cannot get membership of group %d\n", gid);
+        exit(109);
+    }
+
+    members = g->gr_mem;
+    while ( *members != NULL ) {
+        if ( strcmp( *members, uname ) == 0 ) {
+            return 1;
+        }
+    }
+    return 0;
+}
+
 int main(int argc, char *argv[])
 {
     int userdir = 0;        /* ~userdir flag             */
@@ -278,6 +297,7 @@ int main(int argc, char *argv[])
     char *target_uname;     /* target user name          */
     char *target_gname;     /* target group name         */
     char *target_homedir;   /* target home directory     */
+    gid_t default_gid;      /* Default GID for target UID*/
     char *actual_uname;     /* actual user name          */
     char *actual_gname;     /* actual group name         */
     char *cmd;              /* command to be executed    */
@@ -481,6 +501,7 @@ int main(int argc, char *argv[])
     uid = pw->pw_uid;
     actual_uname = strdup(pw->pw_name);
     target_homedir = strdup(pw->pw_dir);
+    default_gid = pw->pw_gid;
     if (actual_uname == NULL || target_homedir == NULL) {
         log_err("failed to alloc memory\n");
         exit(126);
@@ -513,6 +534,14 @@ int main(int argc, char *argv[])
         exit(108);
     }
 
+    /*
+     * Error out if user UID is not a member of group GID.
+     */
+    if ((gid != default_gid) && !is_group_member(actual_uname, gid)) {
+	log_err("crit: user does not belong to group (%s/%d/%s)\n", actual_uname, gid, cmd);
+	exit(108);
+    }
+
     /*
      * Change UID/GID here so that the following tests work over NFS.
      *
@@ -642,9 +671,9 @@ int main(int argc, char *argv[])
      * the name/group of the cwd or the program.
      */
     if ((uid != dir_info.st_uid) ||
-        (gid != dir_info.st_gid) ||
+        ((gid != dir_info.st_gid) && (dir_info.st_gid != httpgid)) ||
         (uid != prg_info.st_uid) ||
-        (gid != prg_info.st_gid)) {
+        ((gid != prg_info.st_gid) && (prg_info.st_gid != httpgid))) {
 #ifdef TRUSTED_USERS_SCRIPTS
         /*
          * Check if we're using a "shared" script