Hi, @there Please review and commit the patch to fix mgt_sandbox_unix.
Thanks Regards
From 79b9db3ccb5dc5c8b3e441f7a89f1195e1d6c8b7 Mon Sep 17 00:00:00 2001
From: ijammy <[email protected]>
Date: Wed, 30 Jul 2014 22:53:36 +0800
Subject: [PATCH] mgt_sandbox_unix will break if there're more than 10 groups
---
 bin/varnishd/mgt/mgt_sandbox.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/bin/varnishd/mgt/mgt_sandbox.c b/bin/varnishd/mgt/mgt_sandbox.c
index 973ec83..fe0ad11 100644
--- a/bin/varnishd/mgt/mgt_sandbox.c
+++ b/bin/varnishd/mgt/mgt_sandbox.c
@@ -53,6 +53,7 @@
 #include <syslog.h>
 #include <string.h>
 #include <unistd.h>
+#include <stdlib.h>
 
 #include "mgt/mgt.h"
 #include "common/params.h"
@@ -63,9 +64,8 @@
 static void __match_proto__(mgt_sandbox_f)
 mgt_sandbox_unix(enum sandbox_e who)
 {
-#define NGID 10
- gid_t gid_list[NGID];
- int i;
+ gid_t *gid_list = NULL;
+ int i,n;
 
 if (geteuid() != 0) {
 REPORT0(LOG_INFO, "Not running as root, no priv-sep");
@@ -76,11 +76,16 @@ mgt_sandbox_unix(enum sandbox_e who)
 XXXAZ(initgroups(mgt_param.user, mgt_param.gid));
 
 if (who == SANDBOX_CC && strlen(mgt_param.group_cc) > 0) {
+
+ /*If gidsetsize is 0, getgroups() returns the number of groups without modifying the grouplist[] array.*/
+ n = getgroups(0,gid_list);
+ gid_list = calloc(n+1,sizeof(gid_t));
 /* Add the optional extra group for the C-compiler access */
- i = getgroups(NGID, gid_list);
+ i = getgroups(n+1, gid_list);
 assert(i >= 0);
 gid_list[i++] = mgt_param.gid_cc;
 XXXAZ(setgroups(i, gid_list));
+ free(gid_list);
 }
 
 XXXAZ(setuid(mgt_param.uid));
-- 
2.0.1.442.g7fe6834
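Review bot: `int i,n;` in the rewritten declaration block of the second hunk departs from the spacing the surrounding code uses (`int i, n;`), and `n` is only used inside the `SANDBOX_CC` branch of the later hunk, so declaring it at first use there would keep its scope as small as the file's style allows. The function body continues past the end of this hunk.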
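Review bot: The results of `getgroups(0, ...)` and `calloc()` in the third hunk are used unchecked: if the first `getgroups()` fails and returns -1, `calloc(n+1, ...)` allocates zero elements, the second `getgroups(n+1, ...)` returns the real count, and `gid_list[i++]` then writes past the end of the buffer; a NULL return from `calloc()` is written through the same way. The hunk already asserts the second call with `assert(i >= 0)`, so the same discipline belongs on the first call and the allocation: `n = getgroups(0, NULL); assert(n >= 0);` followed by `gid_list = calloc(n + 1, sizeof *gid_list); assert(gid_list != NULL);`. Since the supplementary group set is fixed by the `initgroups()` call just above and the process is single-threaded here, the count-then-fill pattern itself is sound. The comment on the first added line could also be reworded in the file's `/* ... */` style, e.g. `/* Size the buffer first: getgroups(0, ...) returns the group count without writing. */`.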
