[master] ee43963 Force file permissions 0755 on compiled vcl .so file to make sure it is readable by the unprivileged user.

Martin Blix Grydeland martin at varnish-cache.org
Mon Dec 19 15:42:40 CET 2011


commit ee439631b413cc5505e384c233ca36930cd33a70
Author: Martin Blix Grydeland <martin at varnish-software.com>
Date:   Mon Dec 19 14:59:12 2011 +0100

    Force file permissions 0755 on compiled vcl .so file to make sure it
    is readable by the unprivileged user.
    
    Fixes: #1072

diff --git a/bin/varnishd/mgt/mgt_vcc.c b/bin/varnishd/mgt/mgt_vcc.c
index ec117db..12433ad 100644
--- a/bin/varnishd/mgt/mgt_vcc.c
+++ b/bin/varnishd/mgt/mgt_vcc.c
@@ -37,6 +37,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
+#include <sys/stat.h>
 
 #include "mgt/mgt.h"
 
@@ -272,6 +273,14 @@ mgt_run_cc(const char *vcl, struct vsb *sb, int C_flag)
 	if (!i)
 		i = VSUB_run(sb, run_dlopen, of, "dlopen", 10);
 
+	/* Ensure the file is readable to the unprivileged user */
+	if (!i) {
+		i = chmod(of, 0755);
+		if (i)
+			VSB_printf(sb, "Failed to set permissions on %s: %s",
+				   of, strerror(errno));
+	}
+
 	if (i) {
 		(void)unlink(of);
 		return (NULL);



More information about the varnish-commit mailing list