Hello all, The three enclosed patches from slink (who sends his best wishes) correct build errors and sandbox (privilege separation) bugs in the Solaris port, to be applied to the current master branch.
0001: Fixes a compile error (incorrect signature for SES_Delete() in cache_waiter_ports.c) 0002: portable cast from thread_id to (void *) in varnishreplay.c 0003: implements Solaris privilege separation for running vcc/cc (without which the VCL-/C-Compiler was failing) With these patches, all of make check passes except for v00017. Best, Geoff -- ** * * UPLEX - Nils Goroll Systemoptimierung Schwanenwik 24 22087 Hamburg Tel +49 40 2880 5731 Mob +49 176 636 90917 Fax +49 40 42949753 http://uplex.de
From 8b900e9ffc8db69bd37984d3ab7203186928ce0f Mon Sep 17 00:00:00 2001 From: Nils Goroll <[email protected]> Date: Wed, 18 Jul 2012 20:50:04 +0200 Subject: [PATCH] adjust to new signature of SES_Delete --- bin/varnishd/waiter/cache_waiter_ports.c | 5 ++--- 1 files changed, 2 insertions(+), 3 deletions(-) diff --git a/bin/varnishd/waiter/cache_waiter_ports.c b/bin/varnishd/waiter/cache_waiter_ports.c index 87eaeac..af5d965 100644 --- a/bin/varnishd/waiter/cache_waiter_ports.c +++ b/bin/varnishd/waiter/cache_waiter_ports.c @@ -80,14 +80,13 @@ vws_port_ev(struct vws *vws, port_event_t *ev, double now) { VTAILQ_INSERT_TAIL(&vws->sesshead, sp, list); vws_add(vws, sp->fd, sp); } else { - int i; assert(ev->portev_source == PORT_SOURCE_FD); CAST_OBJ_NOTNULL(sp, ev->portev_user, SESS_MAGIC); assert(sp->fd >= 0); if(ev->portev_events & POLLERR) { vws_del(vws, sp->fd); VTAILQ_REMOVE(&vws->sesshead, sp, list); - SES_Delete(sp, "EOF", now); + SES_Delete(sp, SC_REM_CLOSE, now); return; } @@ -211,7 +210,7 @@ vws_thread(void *priv) if(sp->fd != -1) { vws_del(vws, sp->fd); } - SES_Delete(sp, "timeout", now); + SES_Delete(sp, SC_RX_TIMEOUT, now); } /* -- 1.5.6.5
From 6a9f312b62ba85a729085ec689c032a354943fba Mon Sep 17 00:00:00 2001 From: Nils Goroll <[email protected]> Date: Wed, 18 Jul 2012 21:01:20 +0200 Subject: [PATCH] portable cast from thread_id to (void *) --- bin/varnishreplay/varnishreplay.c | 6 +++--- 1 files changed, 3 insertions(+), 3 deletions(-) diff --git a/bin/varnishreplay/varnishreplay.c b/bin/varnishreplay/varnishreplay.c index aec3f5f..e32627a 100644 --- a/bin/varnishreplay/varnishreplay.c +++ b/bin/varnishreplay/varnishreplay.c @@ -182,7 +182,7 @@ thread_log(int lvl, int errcode, const char *fmt, ...) if (lvl > debug) return; pthread_mutex_lock(&log_mutex); - fprintf(stderr, "%p ", (void *)pthread_self()); + fprintf(stderr, "%p ", (void *)(uintptr_t)pthread_self()); va_start(ap, fmt); vfprintf(stderr, fmt, ap); va_end(ap); @@ -276,7 +276,7 @@ thread_get(int fd, void *(*thread_main)(void *)) } else { threads[fd]->fd = fd; thread_log(0, 0, "thread %p:%d started", - (void *)threads[fd]->thread_id, fd); + (void *)(uintptr_t)threads[fd]->thread_id, fd); } } if (threads[fd] == THREAD_FAIL) @@ -301,7 +301,7 @@ thread_close(int fd) mailbox_close(&threads[fd]->mbox); pthread_join(threads[fd]->thread_id, NULL); thread_log(0, 0, "thread %p stopped", - (void *)threads[fd]->thread_id); + (void *)(uintptr_t)threads[fd]->thread_id); thread_clear(threads[fd]); mailbox_destroy(&threads[fd]->mbox); freez(threads[fd]); -- 1.5.6.5
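Review bot: The new `(void *)(uintptr_t)pthread_self()` casts in thread_log, thread_get and thread_close depend on `uintptr_t` being declared in varnishreplay.c, yet this patch adds no `#include <stdint.h>` (contrast 0003, which adds `<stdlib.h>` for the `exit` it introduces); if the type is not already pulled in transitively, the file will not build. The cast chain also assumes `pthread_t` is an integer type, which POSIX does not guarantee, so a comment next to the first use such as `/* pthread_t is an integer type on the supported platforms; the %p value is only an opaque thread id for log correlation */` would record the assumption for the next porter. Since the same three-token cast now appears in all three hunks of this patch, a single `static inline void *thread_id_ptr(pthread_t)` helper would keep the platform assumption in one place.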
From 672cddf1c37b1b25596de60acd3111ee501867a9 Mon Sep 17 00:00:00 2001 From: Nils Goroll <[email protected]> Date: Thu, 19 Jul 2012 00:02:59 +0200 Subject: [PATCH] since vcc/cc are running with privilege seperation now, they also need more solaris privileges --- bin/varnishd/mgt/mgt.h | 13 ++++-- bin/varnishd/mgt/mgt_child.c | 2 +- bin/varnishd/mgt/mgt_sandbox.c | 10 +++-- bin/varnishd/mgt/mgt_sandbox_solaris.c | 73 ++++++++++++++++++++++++------- bin/varnishd/mgt/mgt_vcc.c | 6 +- 5 files changed, 75 insertions(+), 29 deletions(-) diff --git a/bin/varnishd/mgt/mgt.h b/bin/varnishd/mgt/mgt.h index 512c6dc..ff6a24a 100644 --- a/bin/varnishd/mgt/mgt.h +++ b/bin/varnishd/mgt/mgt.h @@ -74,13 +74,18 @@ void MCF_DumpRstParam(void); extern struct params mgt_param; /* mgt_sandbox.c */ -void mgt_sandbox(void); +enum sandbox_childtype { + SAND_INVALID = 0, + SAND_RUN, + SAND_VCC +}; +void mgt_sandbox(enum sandbox_childtype t); /* mgt_sandbox_solaris.c */ #ifdef HAVE_SETPPRIV -void mgt_sandbox_solaris_init(void); -void mgt_sandbox_solaris_fini(void); -void mgt_sandbox_solaris_privsep(void); +void mgt_sandbox_solaris_init(enum sandbox_childtype t); +void mgt_sandbox_solaris_fini(enum sandbox_childtype t); +void mgt_sandbox_solaris_privsep(enum sandbox_childtype t); #endif /* mgt_shmem.c */ diff --git a/bin/varnishd/mgt/mgt_child.c b/bin/varnishd/mgt/mgt_child.c index 8661b73..94644ed 100644 --- a/bin/varnishd/mgt/mgt_child.c +++ b/bin/varnishd/mgt/mgt_child.c @@ -338,7 +338,7 @@ start_child(struct cli *cli) (void)signal(SIGINT, SIG_DFL); (void)signal(SIGTERM, SIG_DFL); - mgt_sandbox(); + mgt_sandbox(SAND_RUN); child_main(); diff --git a/bin/varnishd/mgt/mgt_sandbox.c b/bin/varnishd/mgt/mgt_sandbox.c index 3cd1d98..e8925bc 100644 --- a/bin/varnishd/mgt/mgt_sandbox.c +++ b/bin/varnishd/mgt/mgt_sandbox.c 
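Review bot: The new `enum sandbox_childtype` in mgt.h carries no documentation, so the meaning of each value is only recoverable from its call sites in mgt_child.c and mgt_vcc.c. A comment on the declaration would fix that, e.g. `/* Which child is being sandboxed: SAND_RUN for the cache worker and the dlopen test child, SAND_VCC for the VCL compiler and the C compiler it execs; SAND_INVALID is a guard value, never a valid argument. */`. The mgt_child.c hunk on the same line only passes `SAND_RUN` and needs nothing further.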
@@ -60,11 +60,13 @@ /* Waive all privileges in the child, it does not need any */ void -mgt_sandbox(void) +mgt_sandbox(enum sandbox_childtype t) { + (void)t; + #ifdef HAVE_SETPPRIV - mgt_sandbox_solaris_init(); - mgt_sandbox_solaris_privsep(); + mgt_sandbox_solaris_init(t); + mgt_sandbox_solaris_privsep(t); #else if (geteuid() == 0) { XXXAZ(setgid(mgt_param.gid)); @@ -84,7 +86,7 @@ mgt_sandbox(void) #endif #ifdef HAVE_SETPPRIV - mgt_sandbox_solaris_fini(); + mgt_sandbox_solaris_fini(t); #endif } diff --git a/bin/varnishd/mgt/mgt_sandbox_solaris.c b/bin/varnishd/mgt/mgt_sandbox_solaris.c index e043fef..0467936 100644 --- a/bin/varnishd/mgt/mgt_sandbox_solaris.c +++ b/bin/varnishd/mgt/mgt_sandbox_solaris.c @@ -1,5 +1,6 @@ /*- * Copyright (c) 2006-2011 Varnish Software AS + * Copyright (c) 2011-2012 UPLEX - Nils Goroll Systemoptimierung * All rights reserved. * * Author: Poul-Henning Kamp <[email protected]> @@ -38,6 +39,7 @@ #include <priv.h> #endif #include <stdio.h> +#include <stdlib.h> #include <string.h> #include <syslog.h> #include <unistd.h> 
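Review bot: On the non-Solaris path of `mgt_sandbox` the new parameter is discarded by the added `(void)t;` and never validated, so a caller passing `SAND_INVALID` is silently sandboxed exactly as before, whereas on Solaris the helpers in mgt_sandbox_solaris.c exit(1) on that value. Validating the argument once at the top keeps both builds fail-closed: `assert(t == SAND_RUN || t == SAND_VCC);` before the `#ifdef HAVE_SETPPRIV` (assuming `assert` is available here as it is in cache_waiter_ports.c). The rest of mgt_sandbox, including the setgid/setuid branch, lies outside the hunk; the mgt_sandbox_solaris.c hunks on this line only add a copyright line and the `<stdlib.h>` include needed for `exit`.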
@@ -97,28 +99,60 @@ /* effective during runtime of the child */ static inline void -mgt_sandbox_solaris_add_effective(priv_set_t *pset) +mgt_sandbox_solaris_add_effective(priv_set_t *pset, enum sandbox_childtype t) { - /* PSARC/2009/685 - 8eca52188202 - onnv_132 */ - priv_addset(pset, "net_access"); + switch (t) { + case SAND_RUN: + /* PSARC/2009/685 - 8eca52188202 - onnv_132 */ + priv_addset(pset, "net_access"); + /* PSARC/2009/378 - 63678502e95e - onnv_140 */ + priv_addset(pset, "file_read"); + priv_addset(pset, "file_write"); + break; + case SAND_VCC: + break; + default: + fprintf(stderr, "INCOMPLETE AT: %s(%d)\n", __func__, __LINE__); + exit(1); + } +} - /* PSARC/2009/378 - 63678502e95e - onnv_140 */ - priv_addset(pset, "file_read"); - priv_addset(pset, "file_write"); +/* only vcc needs inheritable privileges */ +static inline void +mgt_sandbox_solaris_add_inheritable(priv_set_t *pset, enum sandbox_childtype t) +{ + switch (t) { + case SAND_RUN: + break; + case SAND_VCC: + priv_addset(pset, "proc_exec"); + priv_addset(pset, "proc_fork"); + /* PSARC/2009/378 - 63678502e95e - onnv_140 */ + priv_addset(pset, "file_read"); + priv_addset(pset, "file_write"); + break; + default: + fprintf(stderr, "INCOMPLETE AT: %s(%d)\n", __func__, __LINE__); + exit(1); + } } /* permitted during runtime of the child - for privilege bracketing */ static inline void -mgt_sandbox_solaris_add_permitted(priv_set_t *pset) +mgt_sandbox_solaris_add_permitted(priv_set_t *pset, enum sandbox_childtype t) { + (void) t; + /* for raising limits in cache_waiter_ports.c */ priv_addset(pset, PRIV_SYS_RESOURCE); } /* effective during mgt_sandbox */ static inline void -mgt_sandbox_solaris_add_initial(priv_set_t *pset) +mgt_sandbox_solaris_add_initial(priv_set_t *pset, enum sandbox_childtype t) { + (void) t; + /* for setgid/setuid */ priv_addset(pset, PRIV_PROC_SETID); } 
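Review bot: `mgt_sandbox_solaris_add_permitted` still grants PRIV_SYS_RESOURCE for every child type, although its own comment ties the privilege to cache_waiter_ports.c, i.e. the SAND_RUN child; the VCC child therefore keeps a permitted privilege it has no stated use for. Gating it on the type, as the two switch-based helpers now do, keeps the compiler child to least privilege: `if (t == SAND_RUN) priv_addset(pset, PRIV_SYS_RESOURCE);` with the `(void) t;` dropped. Separately, `add_permitted` and `add_initial` accept SAND_INVALID silently while `add_effective` and `add_inheritable` exit(1) on it; giving all four helpers the same `switch` with the same `default:` would make the fail-closed behaviour uniform.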
@@ -131,7 +165,7 @@ mgt_sandbox_solaris_add_initial(priv_set_t *pset) */ void -mgt_sandbox_solaris_init(void) +mgt_sandbox_solaris_init(enum sandbox_childtype t) { priv_set_t *priv_all; @@ -145,9 +179,9 @@ mgt_sandbox_solaris_init(void) priv_emptyset(priv_all); - mgt_sandbox_solaris_add_effective(priv_all); - mgt_sandbox_solaris_add_permitted(priv_all); - mgt_sandbox_solaris_add_initial(priv_all); + mgt_sandbox_solaris_add_effective(priv_all, t); + mgt_sandbox_solaris_add_permitted(priv_all, t); + mgt_sandbox_solaris_add_initial(priv_all, t); setppriv(PRIV_ON, PRIV_PERMITTED, priv_all); setppriv(PRIV_ON, PRIV_EFFECTIVE, priv_all); @@ -157,8 +191,10 @@ mgt_sandbox_solaris_init(void) } void -mgt_sandbox_solaris_privsep(void) +mgt_sandbox_solaris_privsep(enum sandbox_childtype t) { + (void)t; + if (priv_ineffect(PRIV_PROC_SETID)) { if (getgid() != mgt_param.gid) XXXAZ(setgid(mgt_param.gid)); @@ -188,7 +224,7 @@ mgt_sandbox_solaris_privsep(void) */ void -mgt_sandbox_solaris_fini(void) +mgt_sandbox_solaris_fini(enum sandbox_childtype t) { priv_set_t *effective, *inheritable, *permitted; @@ -202,13 +238,16 @@ mgt_sandbox_solaris_fini(void) return; } + /* simple scheme: (inheritable subset-of effective) subset-of permitted */ + priv_emptyset(inheritable); + mgt_sandbox_solaris_add_inheritable(inheritable, t); - priv_emptyset(effective); - mgt_sandbox_solaris_add_effective(effective); + priv_copyset(inheritable, effective); + mgt_sandbox_solaris_add_effective(effective, t); priv_copyset(effective, permitted); - mgt_sandbox_solaris_add_permitted(permitted); + mgt_sandbox_solaris_add_permitted(permitted, t); /* * invert the sets and clear privileges such that setppriv will always diff --git a/bin/varnishd/mgt/mgt_vcc.c b/bin/varnishd/mgt/mgt_vcc.c index 6f4642d..04f6d5e 100644 --- a/bin/varnishd/mgt/mgt_vcc.c +++ b/bin/varnishd/mgt/mgt_vcc.c 
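Review bot: `mgt_sandbox_solaris_init` turns on PRIV_PERMITTED and PRIV_EFFECTIVE for the effective, permitted and initial sets but never calls the new `mgt_sandbox_solaris_add_inheritable`, so for SAND_VCC the proc_exec/proc_fork/file_read/file_write privileges are only ever preserved by `mgt_sandbox_solaris_fini`, never explicitly raised. That appears to work only because the forked child already holds them from the manager process (likely, but worth confirming on a manager started without the basic set); adding `mgt_sandbox_solaris_add_inheritable(priv_all, t);` beside the other three calls in init would make the scheme independent of the parent's sets. The one-line scheme comment added in fini would also benefit from stating why the ordering matters, e.g. `/* inheritable must be a subset of effective and permitted: on exec the new image's sets are derived from the inheritable set */`. Both init's allocation checks and the end of fini lie outside the hunks.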
@@ -137,7 +137,7 @@ run_vcc(void *priv) int fd, i, l; CAST_OBJ_NOTNULL(vp, priv, VCC_PRIV_MAGIC); - mgt_sandbox(); + mgt_sandbox(SAND_VCC); sb = VSB_new_auto(); XXXAN(sb); VCC_VCL_dir(vcc, mgt_vcl_dir); @@ -176,7 +176,7 @@ run_vcc(void *priv) static void run_cc(void *priv) { - mgt_sandbox(); + mgt_sandbox(SAND_VCC); (void)execl("/bin/sh", "/bin/sh", "-c", priv, NULL); } @@ -193,7 +193,7 @@ run_dlopen(void *priv) of = priv; - mgt_sandbox(); + mgt_sandbox(SAND_RUN); /* Try to load the object into this sub-process */ if ((dlh = dlopen(of, RTLD_NOW | RTLD_LOCAL)) == NULL) { -- 1.5.6.5
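Review bot: In `run_cc` the exec that the new `mgt_sandbox(SAND_VCC)` call is meant to permit is still `(void)execl(...)`, so if the sandbox leaves the child without exec rights — the very failure this series fixes — the child returns from run_cc with no diagnostic. Reporting the failure before the child exits would make such sandbox regressions visible, e.g. `fprintf(stderr, "execl(/bin/sh): %s\n", strerror(errno)); _exit(1);` after the execl (assuming errno and strerror are in scope and stderr reaches the manager's error pipe here, which the hunk does not show). The caller of run_cc and what it does on return lie outside the hunk.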
