[master] dc8b52b Used raised jail privs for file operations, and leave the -n dir owned by the initial uid/gid of the varnishd process.
Poul-Henning Kamp
phk at FreeBSD.org
Tue Apr 14 10:46:05 CEST 2015
commit dc8b52bcaa47db5192f6be031c35245eaef626dc
Author: Poul-Henning Kamp <phk at FreeBSD.org>
Date: Tue Apr 14 08:45:36 2015 +0000
Used raised jail privs for file operations, and leave the -n dir
owned by the initial uid/gid of the varnishd process.
diff --git a/bin/varnishd/mgt/mgt_cli.c b/bin/varnishd/mgt/mgt_cli.c
index bf70e03..74980a4 100644
--- a/bin/varnishd/mgt/mgt_cli.c
+++ b/bin/varnishd/mgt/mgt_cli.c
@@ -284,13 +284,16 @@ mcf_auth(struct cli *cli, const char *const *av, void *priv)
VCLI_SetResult(cli, CLIS_CANT);
return;
}
+ VJ_master(JAIL_MASTER_FILE);
fd = open(secret_file, O_RDONLY);
if (fd < 0) {
VCLI_Out(cli, "Cannot open secret file (%s)\n",
strerror(errno));
VCLI_SetResult(cli, CLIS_CANT);
+ VJ_master(JAIL_MASTER_LOW);
return;
}
+ VJ_master(JAIL_MASTER_LOW);
mgt_got_fd(fd);
VCLI_AuthResponse(fd, cli->challenge, buf);
AZ(close(fd));
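Review bot: The raise/lower bracket around open() is written by hand on every exit path here (a VJ_master(JAIL_MASTER_LOW) before the early return in the error branch and again after it), and the same pattern recurs in mgt_cli_secret below, in the VPF_Open hunk of mgt_main.c and in both mgt_shmem.c hunks; a small helper such as `static int mgt_open_file(const char *path, int flags)` that does the bracket internally would make a forgotten lowering impossible. The fd obtained from the privileged open() remains usable after privileges are dropped, which is what the following read relies on, and nothing says so; a comment above the raise, e.g. `/* open with file privs; the fd keeps its access after we drop back to LOW */`, would help the next reader. mcf_auth's body begins before this hunk.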
@@ -494,11 +497,13 @@ mgt_cli_secret(const char *S_arg)
/* Save in shmem */
mgt_SHM_static_alloc(S_arg, strlen(S_arg) + 1L, "Arg", "-S", "");
+ VJ_master(JAIL_MASTER_FILE);
fd = open(S_arg, O_RDONLY);
if (fd < 0) {
fprintf(stderr, "Can not open secret-file \"%s\"\n", S_arg);
exit(2);
}
+ VJ_master(JAIL_MASTER_LOW);
mgt_got_fd(fd);
i = read(fd, buf, sizeof buf);
if (i == 0) {
diff --git a/bin/varnishd/mgt/mgt_jail.c b/bin/varnishd/mgt/mgt_jail.c
index b9a1ad9..260e6f6 100644
--- a/bin/varnishd/mgt/mgt_jail.c
+++ b/bin/varnishd/mgt/mgt_jail.c
@@ -145,6 +145,7 @@ VJ_make_workdir(const char *dname)
return;
}
+ VJ_master(JAIL_MASTER_FILE);
if (mkdir(dname, 0755) < 0 && errno != EEXIST)
ARGV_ERR("Cannot create working directory '%s': %s\n",
dname, strerror(errno));
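Review bot: The privilege raise at the top of VJ_make_workdir is not paired until the very end of the function, so everything in between, including the lines neither hunk shows, now runs with JAIL_MASTER_FILE privileges; if only the mkdir() and the test-file creation need it, the window should be narrowed to those calls. The ARGV_ERR paths presumably exit, but any early return in the unseen middle of the function would leave the manager raised, so that stretch deserves a check. The function's body between this hunk and the next is outside the diff.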
@@ -160,6 +161,7 @@ VJ_make_workdir(const char *dname)
dname, strerror(errno));
AZ(close(fd));
AZ(unlink("_.testfile"));
+ VJ_master(JAIL_MASTER_LOW);
}
void
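Review bot: The `_.testfile` create/unlink now runs under JAIL_MASTER_FILE rather than the jail uid (the removed vju_make_workdir switched to vju_uid before the open()), so it no longer proves that the lowered manager can write the directory; with root-level file privileges the create succeeds regardless of the directory's mode, and the "Check permissions" diagnostic presumably becomes unreachable in that configuration. If the check is meant to validate the directory for the lowered identity, move `VJ_master(JAIL_MASTER_LOW);` to just before the open() of `_.testfile`; if it is only meant to confirm the path exists and is usable by the manager's raised identity, say so in a comment. The open() itself sits between the two hunks and is not visible here.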
diff --git a/bin/varnishd/mgt/mgt_jail_unix.c b/bin/varnishd/mgt/mgt_jail_unix.c
index a10c645..8b989a8 100644
--- a/bin/varnishd/mgt/mgt_jail_unix.c
+++ b/bin/varnishd/mgt/mgt_jail_unix.c
@@ -47,6 +47,7 @@
#include <sys/prctl.h>
#endif
+static gid_t vju_mgr_gid;
static uid_t vju_uid;
static gid_t vju_gid;
static const char *vju_user;
@@ -111,6 +112,8 @@ vju_init(char **args)
if (geteuid() != 0)
ARGV_ERR("Unix Jail: Must be root.\n");
+ vju_mgr_gid = getgid();
+
for (;*args != NULL; args++) {
if (!strncmp(*args, "user=", 5)) {
if (vju_getuid((*args) + 5))
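Review bot: `vju_mgr_gid = getgid();` records the real gid while the root check just above tests the effective uid; if varnishd is started through a setgid wrapper the two can differ, and vju_master() will then restore the real rather than the effective gid. A short comment stating the intent, e.g. `/* gid varnishd was started with; restored by vju_master(JAIL_MASTER_FILE) */`, would settle which is meant, and the same comment belongs on the new `static gid_t vju_mgr_gid;` declaration in the first hunk of this file.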
@@ -139,10 +142,13 @@ vju_init(char **args)
static void __match_proto__(jail_master_f)
vju_master(enum jail_master_e jme)
{
- if (jme == JAIL_MASTER_LOW)
+ if (jme == JAIL_MASTER_LOW) {
+ AZ(setegid(vju_gid));
AZ(seteuid(vju_uid));
- else
+ } else {
AZ(seteuid(0));
+ AZ(setegid(vju_mgr_gid));
+ }
}
static void __match_proto__(jail_subproc_f)
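Review bot: The order of the two calls in each branch of vju_master is load-bearing — the gid has to change while the euid is still 0 on the way down, and the uid has to come back first on the way up — and nothing in the function says so; a comment such as `/* setegid() before seteuid(): the gid can only be changed while euid is 0 */` in the LOW branch would protect this against a well-meaning reorder. The `else` branch now resets the gid for every non-LOW value of jme; if enum jail_master_e has members other than JAIL_MASTER_LOW and JAIL_MASTER_FILE, confirm the gid reset is wanted for all of them.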
@@ -178,42 +184,11 @@ vju_subproc(enum jail_subproc_e jse)
}
static void __match_proto__(jail_make_dir_f)
-vju_make_workdir(const char *dname)
-{
- int fd;
-
- AZ(seteuid(0));
-
- if (mkdir(dname, 0755) < 0 && errno != EEXIST)
- ARGV_ERR("Cannot create working directory '%s': %s\n",
- dname, strerror(errno));
-
- if (chown(dname, vju_uid, vju_gid) < 0)
- ARGV_ERR(
- "Cannot set owner/group on working directory '%s': %s\n",
- dname, strerror(errno));
-
- if (chdir(dname) < 0)
- ARGV_ERR("Cannot change to working directory '%s': %s\n",
- dname, strerror(errno));
-
- AZ(seteuid(vju_uid));
-
- fd = open("_.testfile", O_RDWR|O_CREAT|O_EXCL, 0600);
- if (fd < 0)
- ARGV_ERR("Error: Cannot create test-file in %s (%s)\n"
- "Check permissions (or delete old directory)\n",
- dname, strerror(errno));
- AZ(close(fd));
- AZ(unlink("_.testfile"));
-}
-
-static void __match_proto__(jail_make_dir_f)
vju_make_vcldir(const char *dname)
{
AZ(seteuid(0));
- AZ(mkdir(dname, 0755));
+ assert((mkdir(dname, 0755) == 0) || errno == EEXIST);
AZ(chown(dname, vju_uid, vju_gid));
AZ(seteuid(vju_uid));
}
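Review bot: `assert((mkdir(dname, 0755) == 0) || errno == EEXIST);` puts the mkdir() side effect inside an assert; if this file's assert is the standard <assert.h> one it disappears under NDEBUG, and even if it is Varnish's always-on variant (as the surrounding AZ() usage suggests) it reads as a check rather than an action. Splitting it as `if (mkdir(dname, 0755) < 0)` / `assert(errno == EEXIST);` keeps the call unconditional either way. With EEXIST now tolerated, the chown() that follows is applied to whatever already exists at dname, and chown() follows symlinks; an `lstat()` confirming the path is a directory before the chown, or `lchown()`, would keep the ownership change confined to a real directory.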
@@ -232,7 +207,6 @@ const struct jail_tech jail_tech_unix = {
.name = "unix",
.init = vju_init,
.master = vju_master,
- .make_workdir = vju_make_workdir,
.make_vcldir = vju_make_vcldir,
.storage_file = vju_storage_file,
.subproc = vju_subproc,
diff --git a/bin/varnishd/mgt/mgt_main.c b/bin/varnishd/mgt/mgt_main.c
index 7e98190..48e654e 100644
--- a/bin/varnishd/mgt/mgt_main.c
+++ b/bin/varnishd/mgt/mgt_main.c
@@ -324,7 +324,7 @@ make_secret(const char *dirname)
assert(asprintf(&fn, "%s/_.secret", dirname) > 0);
VJ_master(JAIL_MASTER_FILE);
- fd = open(fn, O_RDWR|O_CREAT|O_TRUNC, 0600);
+ fd = open(fn, O_RDWR|O_CREAT|O_TRUNC, 0640);
if (fd < 0) {
fprintf(stderr, "Cannot create secret-file in %s (%s)\n",
dirname, strerror(errno));
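Review bot: Widening the secret file from 0600 to 0640 is a security-relevant change with no comment explaining which group is meant to read it; because the file is created under JAIL_MASTER_FILE, its group will be whatever vju_master() sets for that state (the manager's initial gid in the unix jail, per the commit message), but the code should state the intended reader. Suggest `/* 0640: group is the gid varnishd was started with, so that group can read the secret */` above the open(), adjusted to whoever is actually meant to read it. make_secret continues outside this hunk.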
@@ -630,9 +630,11 @@ main(int argc, char * const *argv)
VJ_make_workdir(dirname);
/* XXX: should this be relative to the -n arg ? */
+ VJ_master(JAIL_MASTER_FILE);
if (P_arg && (pfh = VPF_Open(P_arg, 0644, NULL)) == NULL)
ARGV_ERR("Could not open pid/lock (-P) file (%s): %s\n",
P_arg, strerror(errno));
+ VJ_master(JAIL_MASTER_LOW);
mgt_vcc_init();
mgt_vcl_init();
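Review bot: VPF_Open() now runs with JAIL_MASTER_FILE privileges, so the pid/lock file is created and owned by the raised identity, but the later operations on pfh (writing the pid, removing the file at exit) are not in this hunk and presumably run at JAIL_MASTER_LOW; writes through the open handle should still work, while removal needs write permission on the enclosing directory for the lowered identity. Confirm those call sites are bracketed the same way, or add a comment here that the handle is deliberately retained across the privilege drop, e.g. `/* pfh stays open across the drop; VPF_Write/VPF_Remove run at LOW */`. main's body extends well beyond this hunk.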
diff --git a/bin/varnishd/mgt/mgt_shmem.c b/bin/varnishd/mgt/mgt_shmem.c
index f0a9141..7ac8a53 100644
--- a/bin/varnishd/mgt/mgt_shmem.c
+++ b/bin/varnishd/mgt/mgt_shmem.c
@@ -197,7 +197,9 @@ mgt_SHM_Create(void)
bprintf(fnbuf, "%s.%jd", VSM_FILENAME, (intmax_t)getpid());
+ VJ_master(JAIL_MASTER_FILE);
vsm_fd = vsm_zerofile(fnbuf, size);
+ VJ_master(JAIL_MASTER_LOW);
if (vsm_fd < 0)
exit(1);
@@ -255,12 +257,14 @@ mgt_SHM_Commit(void)
char fnbuf[64];
bprintf(fnbuf, "%s.%jd", VSM_FILENAME, (intmax_t)getpid());
+ VJ_master(JAIL_MASTER_FILE);
if (rename(fnbuf, VSM_FILENAME)) {
fprintf(stderr, "Rename failed %s -> %s: %s\n",
fnbuf, VSM_FILENAME, strerror(errno));
(void)unlink(fnbuf);
exit(1);
}
+ VJ_master(JAIL_MASTER_LOW);
}
/*--------------------------------------------------------------------