r4482 - in trunk/varnish-cache: . bin/varnishd

tfheen at projects.linpro.no tfheen at projects.linpro.no
Mon Jan 25 15:47:29 CET 2010


Author: tfheen
Date: 2010-01-25 15:47:29 +0100 (Mon, 25 Jan 2010)
New Revision: 4482

Modified:
   trunk/varnish-cache/bin/varnishd/mgt_child.c
   trunk/varnish-cache/configure.ac
Log:
Drop all privileges in worker children on Solaris

Fixes #628

Modified: trunk/varnish-cache/bin/varnishd/mgt_child.c
===================================================================
--- trunk/varnish-cache/bin/varnishd/mgt_child.c	2010-01-25 13:42:04 UTC (rev 4481)
+++ trunk/varnish-cache/bin/varnishd/mgt_child.c	2010-01-25 14:47:29 UTC (rev 4482)
@@ -46,6 +46,10 @@
 #include <sys/types.h>
 #include <sys/wait.h>
 
+#ifdef HAVE_PRIV_H
+#include <priv.h>
+#endif
+
 #ifndef HAVE_SETPROCTITLE
 #include "compat/setproctitle.h"
 #endif
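Review bot: The include is guarded by `HAVE_PRIV_H`, but the code that needs it, waive_privileges() in the next hunk, is guarded by `HAVE_SETPPRIV`, so the two configure results can disagree. If setppriv() is found at link time but priv.h is not, the body is compiled without declarations for `priv_set_t` and `PRIV_LIMIT`. Guarding the body with `#if defined(HAVE_SETPPRIV) && defined(HAVE_PRIV_H)` keeps the two in step.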
@@ -228,6 +232,36 @@
 
 /*--------------------------------------------------------------------*/
 
+/* Waive all privileges in the child, it does not need any */
+
+static inline void
+waive_privileges(void)
+{
+#ifdef HAVE_SETPPRIV
+	priv_set_t *empty;
+
+	if (!(empty = priv_allocset())) {
+		perror("priv_allocset_failed");
+		return;
+	}
+	priv_emptyset(empty);
+
+#define SETPPRIV(which, set)				       \
+	if (setppriv(PRIV_SET, which, set))		       \
+		perror("Waiving privileges failed on " #which)
+
+	SETPPRIV(PRIV_LIMIT, empty);
+	SETPPRIV(PRIV_INHERITABLE, empty);
+	SETPPRIV(PRIV_PERMITTED, empty); /* implies PRIV_EFFECTIVE */
+
+	priv_freeset(empty);
+#else
+	return;
+#endif
+}
+
+/*--------------------------------------------------------------------*/
+
 static void
 start_child(struct cli *cli)
 {
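Review bot: waive_privileges() fails open: when priv_allocset() or any setppriv() call fails it only calls perror(), and the child keeps running with whatever privileges it still holds. Because the function returns void, the call site added in start_child() (the following hunk; its body continues outside the diff) cannot detect this. For a privilege drop the failure path should stop the child, e.g. `if (setppriv(PRIV_SET, which, set)) { perror("Waiving privileges failed on " #which); exit(1); }`, with the same treatment after the priv_allocset() check. The SETPPRIV macro is also a bare `if` with no `do { ... } while (0)` wrapper and is never `#undef`ed, so it stays defined for the rest of the file. Emptying every set also removes the basic privileges such as fork and exec; presumably the worker never needs them, but the comment above the function should state that assumption.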
@@ -312,6 +346,8 @@
 		}
 		printf("\n");
 
+		waive_privileges();
+
 		setproctitle("Varnish-Chld %s", heritage.name);
 
 		(void)signal(SIGINT, SIG_DFL);

Modified: trunk/varnish-cache/configure.ac
===================================================================
--- trunk/varnish-cache/configure.ac	2010-01-25 13:42:04 UTC (rev 4481)
+++ trunk/varnish-cache/configure.ac	2010-01-25 14:47:29 UTC (rev 4482)
@@ -126,6 +126,7 @@
 AC_CHECK_HEADERS([stddef.h])
 AC_CHECK_HEADERS([stdlib.h])
 AC_CHECK_HEADERS([unistd.h])
+AC_CHECK_HEADERS([priv.h])
 
 # Checks for typedefs, structures, and compiler characteristics.
 AC_C_CONST
@@ -150,6 +151,7 @@
 AC_CHECK_FUNCS([abort2])
 AC_CHECK_FUNCS([timegm])
 AC_CHECK_FUNCS([nanosleep])
+AC_CHECK_FUNCS([setppriv])
 
 save_LIBS="${LIBS}"
 LIBS="${PTHREAD_LIBS}"


