# See http://www.chrishardie.com/tech/apache/suexec_rsrclimit.html
--- Makefile.tmpl.orig	Fri Feb  8 14:52:57 2002
+++ Makefile.tmpl	Fri Feb  8 12:59:49 2002
@@ -47,7 +47,7 @@
 	    -e 's%@LIBS_SHLIB@%$(LIBS_SHLIB)%g' && chmod a+x apxs
 
 suexec: suexec.o
-	$(CC) $(CFLAGS) -o suexec $(LDFLAGS) suexec.o $(LIBS)
+	$(CC) $(CFLAGS) -lutil -o suexec $(LDFLAGS) suexec.o $(LIBS)
 
 clean:
 	rm -f $(TARGETS) *.o

--- suexec.c.orig	Fri Feb  8 12:57:24 2002
+++ suexec.c	Fri Feb  8 12:58:32 2002
@@ -88,6 +88,7 @@
 #include <sys/param.h>
 #include <sys/stat.h>
 #include <sys/types.h>
+#include <login_cap.h>
 
 #include <stdarg.h>
 
@@ -269,6 +270,7 @@
     char *cmd;			/* command to be executed    */
     char cwd[AP_MAXPATH];	/* current working directory */
     char dwd[AP_MAXPATH];	/* docroot working directory */
+    login_cap_t *lc;            /* user resource limits      */
     struct passwd *pw;		/* password entry holder     */
     struct group *gr;		/* group entry holder        */
     struct stat dir_info;	/* directory info holder     */
@@ -463,6 +465,19 @@
     if ((gid == 0) || (gid < GID_MIN)) {
 	log_err("crit: cannot run as forbidden gid (%d/%s)\n", gid, cmd);
 	exit(108);
+    }
+
+    /*
+     * Apply user resource limits based on login class.
+     */
+    if ((lc = login_getclassbyname(pw->pw_class, pw)) == NULL) {
+	log_err("failed to login_getclassbyname()\n");
+	exit(109);
+    }
+
+    if ((setusercontext(lc, pw, uid, LOGIN_SETRESOURCES)) != 0) {
+	log_err("failed to setusercontext()\n");
+	exit(109);
     }
 
     /*