Hi phk, > I put the solaris sandbox in its own sourcefile for clarity, yell at me > (and send patches) until it works :-)
Here's one. Thanks, Nils
>From 81872d85b374347551da149e1b182a5d0902200a Mon Sep 17 00:00:00 2001 From: Nils Goroll <[email protected]> Date: Tue, 11 Oct 2011 18:14:59 +0200 Subject: [PATCH] Add Solaris-specific setuid/setgid code which got lost with source file seperation with [f837fbca893cc09458482c5283456bf8990aeee6]. Put generic privilege seperation code into an inline function for clarity. --- bin/varnishd/mgt.h | 1 + bin/varnishd/mgt_sandbox.c | 23 +++++++++++++++-------- bin/varnishd/mgt_sandbox_solaris.c | 15 +++++++++++++++ 3 files changed, 31 insertions(+), 8 deletions(-) diff --git a/bin/varnishd/mgt.h b/bin/varnishd/mgt.h index 2b17052..1656af8 100644 --- a/bin/varnishd/mgt.h +++ b/bin/varnishd/mgt.h @@ -70,6 +70,7 @@ void mgt_sandbox(void); #ifdef HAVE_SETPPRIV void mgt_sandbox_solaris_init(void); void mgt_sandbox_solaris_fini(void); +void mgt_sandbox_solaris_privsep(void); #endif /* mgt_shmem.c */ diff --git a/bin/varnishd/mgt_sandbox.c b/bin/varnishd/mgt_sandbox.c index 3aba7cc..14b8d43 100644 --- a/bin/varnishd/mgt_sandbox.c +++ b/bin/varnishd/mgt_sandbox.c @@ -56,6 +56,18 @@ #include "heritage.h" +/* inline attribute also avoids "defined but not used" warning */ +inline static void +mgt_sandbox_privsep(void) +{ + if (geteuid() == 0) { + XXXAZ(setgid(params->gid)); + XXXAZ(setuid(params->uid)); + } else { + REPORT0(LOG_INFO, "Not running as root, no priv-sep"); + } +} + /*--------------------------------------------------------------------*/ /* Waive all privileges in the child, it does not need any */ @@ -63,18 +75,13 @@ void mgt_sandbox(void) { - #ifdef HAVE_SETPPRIV mgt_sandbox_solaris_init(); + mgt_sandbox_solaris_privsep(); +#else + mgt_sandbox_privsep(); #endif - if (geteuid() == 0) { - XXXAZ(setgid(params->gid)); - XXXAZ(setuid(params->uid)); - } else { - REPORT0(LOG_INFO, "Not running as root, no priv-sep"); - } - /* On Linux >= 2.4, you need to set the dumpable flag to get core dumps after you have done a setuid. */ 
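Review bot: The new `mgt_sandbox_privsep` helper in bin/varnishd/mgt_sandbox.c changes gid and uid but never resets the supplementary group list, so a child started from root keeps whatever supplementary groups the manager process had. A group-list reset belongs between the two calls, before `setuid`, for example `gid_t g = params->gid; XXXAZ(setgroups(1, &g));` (this assumes `params->gid` is gid_t-compatible, which the hunk does not show, and needs the header that declares `setgroups`, usually `<grp.h>`). `mgt_sandbox_solaris_privsep` in bin/varnishd/mgt_sandbox_solaris.c has the same gap. The calls are moved unchanged out of `mgt_sandbox`, so the gap predates this patch, but the new helper is the natural place to close it.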
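Review bot: With the `#ifdef HAVE_SETPPRIV` / `#else` split in `mgt_sandbox`, the generic helper is compiled but never called on Solaris builds, and its definition relies on `inline` only to silence the unused-function warning. Guarding the definition with `#ifndef HAVE_SETPPRIV` ... `#endif` states that intent directly and lets it be a plain `static void`. A short comment at the call site, such as `/* Solaris gates the uid/gid change on PRIV_PROC_SETID rather than euid 0 */`, would tell the reader why the two branches differ. The body of `mgt_sandbox` continues outside the hunk.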
diff --git a/bin/varnishd/mgt_sandbox_solaris.c b/bin/varnishd/mgt_sandbox_solaris.c index 5c50c83..534f609 100644 --- a/bin/varnishd/mgt_sandbox_solaris.c +++ b/bin/varnishd/mgt_sandbox_solaris.c @@ -40,6 +40,7 @@ #include <stdio.h> #include <string.h> #include <syslog.h> +#include <unistd.h> #include "mgt.h" @@ -153,6 +154,20 @@ mgt_sandbox_solaris_init(void) priv_freeset(priv_all); } +void +mgt_sandbox_solaris_privsep(void) +{ + if (priv_ineffect(PRIV_PROC_SETID)) { + if (getgid() != params->gid) + XXXAZ(setgid(params->gid)); + if (getuid() != params->uid) + XXXAZ(setuid(params->uid)); + } else { + REPORT(LOG_INFO, "Privilege %s missing, will not change uid/gid", + PRIV_PROC_SETID); + } +} + /* * Waive most privileges in the child * -- 1.5.6.5
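Review bot: In `mgt_sandbox_solaris_privsep` the guards `getgid() != params->gid` and `getuid() != params->uid` compare only the real ids, so a process whose real id already matches the target while its effective or saved id does not would skip the call and keep that other id. Since this branch runs only with PRIV_PROC_SETID in effect, calling `XXXAZ(setgid(params->gid));` and `XXXAZ(setuid(params->uid));` unconditionally is simpler; otherwise the guards should also compare `getegid()` and `geteuid()`. Separately, the `else` branch only logs at LOG_INFO and lets the child continue with unchanged ids. If the child can still be uid 0 at that point, that case deserves a louder log level or a hard failure.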
