TS-3103: use scoped ElevateAccess to elevate privileges

Rather than using explicit root privilege escalation, elevate privilege using the scoped ElevateAccess wrapper.
Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/549108ea
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/549108ea
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/549108ea
Branch: refs/heads/master
Commit: 549108ea80913975e52e4d5a9b4fc1404fbecf2a
Parents: 090a75a
Author: James Peach <jpe...@apache.org>
Authored: Fri Sep 26 13:42:05 2014 -0700
Committer: James Peach <jpe...@apache.org>
Committed: Thu Oct 2 15:52:38 2014 -0700
----------------------------------------------------------------------
 mgmt/LocalManager.cc | 26 +----------------
 mgmt/Rollback.cc | 74 +++++------------------------------------------
 2 files changed, 9 insertions(+), 91 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/549108ea/mgmt/LocalManager.cc
----------------------------------------------------------------------
diff --git a/mgmt/LocalManager.cc b/mgmt/LocalManager.cc
index 885b054..936e5ea 100644
--- a/mgmt/LocalManager.cc
+++ b/mgmt/LocalManager.cc
@@ -1076,21 +1076,7 @@ LocalManager::bindProxyPort(HttpProxyPort& port)
 {
 int one = 1;
-#if !TS_USE_POSIX_CAP
- bool privBoost = false;
- uid_t euid = geteuid();
- uid_t saved_euid = 0;
-
- if (port.m_port < 1024 && euid != 0) {
- if (restoreRootPriv(&saved_euid) == false) {
- mgmt_elog(stderr, 0, "[bindProxyPort] Unable to get root priviledges to bind port %d. euid is %d. Exiting\n",
- port.m_port, euid);
- _exit(0);
- } else {
- privBoost = true;
- }
- }
-#endif
+ ElevateAccess access(port.m_port < 1024 && geteuid() != 0);
 /* Setup reliable connection, for large config changes */
 if ((port.m_fd = socket(port.m_family, SOCK_STREAM, 0)) < 0) {
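Review bot: The new `ElevateAccess access(port.m_port < 1024 && geteuid() != 0);` replaces an elevation step whose failure was checked and fatal (`_exit(0)` after an explicit message), but the constructor exposes no result, so this hunk no longer distinguishes "could not elevate" from "bind refused". If ElevateAccess does not report failure itself (its definition is not in this diff), the only place the operator will see the problem is the `bind()` error path later in bindProxyPort, which lies outside this hunk, and it will look like a plain EACCES. A one-line comment above the declaration would record that contract: `// Failure to elevate is not fatal here; bind() on a privileged port then fails with EACCES and the existing error path reports it.` On the positive side, because `access` is destroyed on every exit from the function, privilege is now dropped on early-return paths that the removed manual `removeRootPriv` block (next hunk) never reached.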
@@ -1152,16 +1138,6 @@ LocalManager::bindProxyPort(HttpProxyPort& port)
 Debug("lm", "[bindProxyPort] Successfully bound proxy port %d\n", port.m_port);
-#if !TS_USE_POSIX_CAP
- if (port.m_port < 1024 && euid != 0) {
- if (privBoost == true) {
- if (removeRootPriv(saved_euid) == false) {
- mgmt_elog(stderr, 0, "[bindProxyPort] Unable to reset permissions to euid %d. Exiting...\n", getuid());
- _exit(1);
- }
- }
- }
-#endif
 }
 void
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/549108ea/mgmt/Rollback.cc
----------------------------------------------------------------------
diff --git a/mgmt/Rollback.cc b/mgmt/Rollback.cc
index 3ed09b3..003d12f 100644
--- a/mgmt/Rollback.cc
+++ b/mgmt/Rollback.cc
@@ -224,10 +224,8 @@ char *
 Rollback::createPathStr(version_t version)
 {
- char *buffer;
 int bufSize = strlen(Layout::get()->sysconfdir) + fileNameLen + MAX_VERSION_DIGITS + 1;
-
- buffer = new char[bufSize];
+ char * buffer = (char *)ats_malloc(bufSize);
 Layout::get()->relative_to(buffer, bufSize, Layout::get()->sysconfdir, fileName);
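Review bot: `char * buffer = (char *)ats_malloc(bufSize);` silently changes the allocator of createPathStr's return value from `new[]` to ats_malloc, so any caller that still releases it with `delete[]` now pairs mismatched allocation and deallocation; the two callers in this diff are converted to ats_scoped_str, but any others are not visible here. The signature gives no hint of the new ownership rule, so a comment on the function, `// Returns a heap-allocated path; the caller must release it with ats_free() (or own it via ats_scoped_str).`, would make it explicit. As a point of style, the C-style cast would normally be written `static_cast<char *>(ats_malloc(bufSize))`. The body of createPathStr continues past the end of this hunk.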
@@ -248,44 +246,17 @@ Rollback::statFile(version_t version, struct stat *buf)
 int
 Rollback::statFile(version_t version, struct stat *buf)
 {
- char *filePath;
 int statResult;
-#if !TS_USE_POSIX_CAP
- uid_t saved_euid = 0;
-#endif
 if (version == this->currentVersion) {
 version = ACTIVE_VERSION;
 }
- filePath = createPathStr(version);
-
- if (root_access_needed) {
- if (
-#if TS_USE_POSIX_CAP
- elevateFileAccess(true)
-#else
- restoreRootPriv(&saved_euid)
-#endif
- != true) {
- mgmt_log(stderr, "[Rollback] Unable to acquire root privileges.\n");
- }
- }
- statResult = stat(filePath, buf);
+ ats_scoped_str filePath(createPathStr(version));
+ ElevateAccess access(root_access_needed);
- if (root_access_needed) {
- if (
-#if TS_USE_POSIX_CAP
- elevateFileAccess(false)
-#else
- removeRootPriv(saved_euid)
-#endif
- != true) {
- mgmt_log(stderr, "[Rollback] Unable to restore non-root privileges.\n");
- }
- }
+ statResult = stat(filePath, buf);
- delete[]filePath;
 return statResult;
 }
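Review bot: The removed code logged `[Rollback] Unable to acquire root privileges.` when elevation failed; with `ElevateAccess access(root_access_needed);` there is no visible failure signal, so a failed elevation now surfaces only as `stat()` returning -1 with errno (probably EACCES), which a caller cannot tell apart from a genuinely unreadable or missing file. If ElevateAccess does not log on its own (not shown in this diff), a comment above the declaration, `// Elevation failure is not reported here; stat() then fails with EACCES and the caller sees -1/errno.`, records the intended behaviour. The `access` object also stays alive until the function returns, so the elevated window now spans the `return` as well as the single `stat()` call; `{ ElevateAccess access(root_access_needed); statResult = stat(filePath, buf); }` keeps it to the one call that needs it, and the same applies to the `mgmt_open_mode` call in openFile in the next hunk. The ordering is otherwise sound: the path is built before privilege is raised, and `access` is declared after `filePath`, so privilege is dropped before the path buffer is released.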
@@ -297,54 +268,25 @@ Rollback::statFile(version_t version, struct stat *buf)
 int
 Rollback::openFile(version_t version, int oflags, int *errnoPtr)
 {
- char *filePath;
 int fd;
-#if !TS_USE_POSIX_CAP
- uid_t saved_euid = 0;
-#endif
-
- filePath = createPathStr(version);
-
- if (root_access_needed) {
- if (
-#if TS_USE_POSIX_CAP
- elevateFileAccess(true)
-#else
- restoreRootPriv(&saved_euid)
-#endif
- != true) {
- mgmt_log(stderr, "[Rollback] Unable to acquire root privileges.\n");
- }
- }
+
+ ats_scoped_str filePath(createPathStr(version));
+ ElevateAccess access(root_access_needed);
 // TODO: Use the original permissions
 // Anyhow the _1 files should not be created inside Syconfdir.
 //
 fd = mgmt_open_mode(filePath, oflags, 0644);
- if (root_access_needed) {
- if (
-#if TS_USE_POSIX_CAP
- elevateFileAccess(false)
-#else
- removeRootPriv(saved_euid)
-#endif
- != true) {
- mgmt_log(stderr, "[Rollback] Unable to restore non-root privileges.\n");
- }
- }
 if (fd < 0) {
 if (errnoPtr != NULL) {
 *errnoPtr = errno;
 }
 mgmt_log(stderr, "[Rollback::openFile] Open of %s failed: %s\n", fileName, strerror(errno));
- }
- else {
+ } else {
 fcntl(fd, F_SETFD, 1);
 }
- delete[]filePath;
-
 return fd;
 }
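Review bot: Now that the open runs under `ElevateAccess access(root_access_needed);`, an EACCES caused by a failed elevation is reported by the `fd < 0` branch with the bare `fileName` rather than the `filePath` that was actually handed to `mgmt_open_mode`, and since `access` is not destroyed until return, the logging itself still happens while elevated. Logging the full path, `mgmt_log(stderr, "[Rollback::openFile] Open of %s failed: %s\n", (const char *)filePath, strerror(errno));` (the explicit conversion is needed because the argument passes through a variadic list), makes that failure diagnosable; whether ats_scoped_str provides that conversion is inferred from its direct use in `mgmt_open_mode` above and should be confirmed. As a point of style, `fcntl(fd, F_SETFD, 1)` would read better as `fcntl(fd, F_SETFD, FD_CLOEXEC)`.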