[master] ee43963 Force file permissions 0755 on compiled vcl .so file to make sure it is readable by the unprivileged user.
Martin Blix Grydeland
martin at varnish-cache.org
Mon Dec 19 15:42:40 CET 2011
commit ee439631b413cc5505e384c233ca36930cd33a70
Author: Martin Blix Grydeland <martin at varnish-software.com>
Date: Mon Dec 19 14:59:12 2011 +0100
Force file permissions 0755 on compiled vcl .so file to make sure it
is readable by the unprivileged user.
Fixes: #1072
diff --git a/bin/varnishd/mgt/mgt_vcc.c b/bin/varnishd/mgt/mgt_vcc.c
index ec117db..12433ad 100644
--- a/bin/varnishd/mgt/mgt_vcc.c
+++ b/bin/varnishd/mgt/mgt_vcc.c
@@ -37,6 +37,7 @@
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
+#include <sys/stat.h>
#include "mgt/mgt.h"
@@ -272,6 +273,14 @@ mgt_run_cc(const char *vcl, struct vsb *sb, int C_flag)
if (!i)
i = VSUB_run(sb, run_dlopen, of, "dlopen", 10);
+ /* Ensure the file is readable to the unprivileged user */
+ if (!i) {
+ i = chmod(of, 0755);
+ if (i)
+ VSB_printf(sb, "Failed to set permissions on %s: %s",
+ of, strerror(errno));
+ }
+
if (i) {
(void)unlink(of);
return (NULL);
More information about the varnish-commit
mailing list