when using an external program to check uploaded files with mod_security and suexec is activated, the program will be called as the proper user which don't have reading permission to the temporary file. Solution: when compiling with '-D DISABLE_SUEXEC' this problem will be circumvented. (either the user apache runs the command or the file has other rights. didn't check that) Proposal: an additional useflag for mod_security or the ebuild checks if 'no-suexec' is set for apache and extends the ebuild variables APXS2_ARGS & APXS1_ARGS with '-D DISABLE_SUEXEC'
(er, *not* to have one too)
Ignore my previous comment, bugzilla did something stupid.
CCing apache-bugs too. Best regards, CHTEKK.
there is no such flag DISABLE_SUEXEC in mod_security-2.1.2