[master] dadd797 Introduce a sandbox test early enough to affect default parameters.
Poul-Henning Kamp
phk at FreeBSD.org
Thu Feb 12 00:45:54 CET 2015
commit dadd7976db08d2110d1060332784b7f5d0dc9444
Author: Poul-Henning Kamp <phk at FreeBSD.org>
Date: Wed Feb 11 23:45:32 2015 +0000
Introduce a sandbox test early enough to affect default parameters.
diff --git a/bin/varnishd/mgt/mgt.h b/bin/varnishd/mgt/mgt.h
index 9c1c13d..3fe9176 100644
--- a/bin/varnishd/mgt/mgt.h
+++ b/bin/varnishd/mgt/mgt.h
@@ -88,10 +88,11 @@ void MCF_TcpParams(void);
/* mgt_sandbox.c */
enum sandbox_e {
- SANDBOX_VCC = 1,
- SANDBOX_CC = 2,
- SANDBOX_VCLLOAD = 3,
- SANDBOX_WORKER = 4,
+ SANDBOX_TESTING,
+ SANDBOX_VCC,
+ SANDBOX_CC,
+ SANDBOX_VCLLOAD,
+ SANDBOX_WORKER,
};
typedef void mgt_sandbox_f(enum sandbox_e);
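Review bot: Dropping the explicit initialisers makes `SANDBOX_TESTING` the zero value of `enum sandbox_e`, so a zero-initialised or never-assigned variable of this type now selects the testing mode, which in `mgt_sandbox_unix()` ends in `exit()` rather than a privilege drop. No such caller is visible in this diff, so this is a robustness point rather than a confirmed bug. Keeping the numbering explicit and leaving 0 unused would preserve the old property, e.g. `SANDBOX_TESTING = 1,` followed by `SANDBOX_VCC = 2,` and so on. At minimum a comment such as `/* SANDBOX_TESTING only probes whether uid/gid can be changed; it never returns */` would document the special member.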
diff --git a/bin/varnishd/mgt/mgt_sandbox.c b/bin/varnishd/mgt/mgt_sandbox.c
index a7b5abf..276fc73 100644
--- a/bin/varnishd/mgt/mgt_sandbox.c
+++ b/bin/varnishd/mgt/mgt_sandbox.c
@@ -60,6 +60,8 @@
#include "common/params.h"
#include "mgt/mgt_param.h"
+#include <vsub.h>
+
mgt_sandbox_f *mgt_sandbox;
/*--------------------------------------------------------------------
@@ -177,49 +179,77 @@ static struct parspec mgt_parspec_sandbox[] = {
/*--------------------------------------------------------------------*/
+static void __match_proto__(mgt_sandbox_f)
+mgt_sandbox_null(enum sandbox_e who)
+{
+ (void)who;
+}
+
+/*--------------------------------------------------------------------*/
+
#ifndef HAVE_SETPPRIV
static void __match_proto__(mgt_sandbox_f)
mgt_sandbox_unix(enum sandbox_e who)
{
#define NGID 2000
int i;
- gid_t gid_list[NGID];
-
- if (geteuid() != 0) {
- REPORT0(LOG_INFO, "Not running as root, no priv-sep");
- return;
+ gid_t gid, gid_list[NGID];
+ uid_t uid;
+
+ if (who == SANDBOX_TESTING) {
+ /*
+ * Test if sandboxing is going to work.
+ * Do not assert on failure here, but simply exit non-zero.
+ */
+ gid = getgid();
+ gid += 1;
+ if (setgid(gid))
+ exit(1);
+ uid = getuid();
+ uid += 1;
+ if (setuid(uid))
+ exit(2);
+ exit(0);
}
- XXXAZ(setgid(mgt_param.gid));
- XXXAZ(initgroups(mgt_param.user, mgt_param.gid));
+ /*
+ * Do the real thing, assert if we fail
+ */
+
+ AZ(setgid(mgt_param.gid));
+ AZ(initgroups(mgt_param.user, mgt_param.gid));
if (who == SANDBOX_CC && strlen(mgt_param.group_cc) > 0) {
/* Add the optional extra group for the C-compiler access */
i = getgroups(NGID, gid_list);
assert(i >= 0);
gid_list[i++] = mgt_param.gid_cc;
- XXXAZ(setgroups(i, gid_list));
+ AZ(setgroups(i, gid_list));
}
- XXXAZ(setuid(mgt_param.uid));
-}
-#endif
-
-/*--------------------------------------------------------------------*/
+ AZ(setuid(mgt_param.uid));
#ifdef __linux__
-static void __match_proto__(mgt_sandbox_f)
-mgt_sandbox_linux(enum sandbox_e who)
-{
- mgt_sandbox_unix(who);
-
+ /*
+ * On linux mucking about with uid/gid disables core-dumps, * reenable them again.
+ */
if (prctl(PR_SET_DUMPABLE, 1) != 0) {
REPORT0(LOG_INFO,
"Could not set dumpable bit. Core dumps turned off\n");
}
+#endif
}
#endif
+/*--------------------------------------------------------------------*/
+
+static void __match_proto__(sub_func_f)
+run_sandbox_test(void *priv)
+{
+
+ (void)priv;
+ mgt_sandbox(SANDBOX_TESTING);
+}
/*--------------------------------------------------------------------*/
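Review bot: In the `SANDBOX_CC` branch of `mgt_sandbox_unix()`, `getgroups(NGID, gid_list)` may return `NGID` when the array is completely filled, and `gid_list[i++] = mgt_param.gid_cc;` then writes one element past the end of the stack array while the process still holds its original privileges. The existing `assert(i >= 0);` does not catch this; since the commit already tightens the surrounding calls to `AZ()`, the bound is worth tightening too, e.g. `assert(i >= 0 && i < NGID);`. Separately, the `SANDBOX_TESTING` branch only exercises `setgid()`/`setuid()`, so a passing test does not guarantee that `initgroups()` or `setgroups()` will succeed later. In that case the real path aborts on `AZ()`, which fails closed but deserves a short comment next to the test.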
@@ -228,7 +258,24 @@ mgt_sandbox_init(void)
{
struct passwd *pwd;
struct group *grp;
+ struct vsb *sb;
+ unsigned subs;
+
+ /* Pick a sandbox */
+
+#ifdef HAVE_SETPPRIV
+ mgt_sandbox = mgt_sandbox_solaris;
+#else
+ mgt_sandbox = mgt_sandbox_unix;
+#endif
+
+ /* Test it */
+ sb = VSB_new_auto();
+ subs = VSUB_run(sb, run_sandbox_test, NULL, "SANDBOX-test", 10);
+ VSB_delete(sb);
+ if (subs)
+ mgt_sandbox = mgt_sandbox_null;
MCF_AddParams(mgt_parspec_sandbox);
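Review bot: When the probe fails, `mgt_sandbox` is switched to `mgt_sandbox_null` without any message, and the `sb` output is deleted unread, so the daemon runs with no privilege separation and nothing tells the operator. The removed code in the previous hunk at least logged "Not running as root, no priv-sep". I would report the fallback where it happens, e.g. `if (subs) { REPORT0(LOG_INFO, "Sandbox test failed, no priv-sep"); mgt_sandbox = mgt_sandbox_null; }`. Any non-zero `VSUB_run` result disables the sandbox, so if that call can fail for reasons other than the `exit(1)`/`exit(2)` codes from the test, the fallback is fail-open and the log line is the only trace. `mgt_sandbox_init()` begins before this hunk and continues after it.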
@@ -259,13 +306,4 @@ mgt_sandbox_init(void)
MCF_SetDefault("group", grp->gr_name);
}
endgrent();
-
-
-#ifdef HAVE_SETPPRIV
- mgt_sandbox = mgt_sandbox_solaris;
-#elif defined (__linux__)
- mgt_sandbox = mgt_sandbox_linux;
-#else
- mgt_sandbox = mgt_sandbox_unix;
-#endif
}