Posted to commits@trafficserver.apache.org by am...@apache.org on 2011/04/27 16:22:22 UTC

svn commit: r1097128 - in /trafficserver/traffic/trunk: lib/ts/ink_cap.cc proxy/Main.cc

Author: amc
Date: Wed Apr 27 14:22:22 2011
New Revision: 1097128

URL: http://svn.apache.org/viewvc?rev=1097128&view=rev
Log:
Further setuid fixes for TS-748

Modified:
    trafficserver/traffic/trunk/lib/ts/ink_cap.cc
    trafficserver/traffic/trunk/proxy/Main.cc

Modified: trafficserver/traffic/trunk/lib/ts/ink_cap.cc
URL: http://svn.apache.org/viewvc/trafficserver/traffic/trunk/lib/ts/ink_cap.cc?rev=1097128&r1=1097127&r2=1097128&view=diff
==============================================================================
--- trafficserver/traffic/trunk/lib/ts/ink_cap.cc (original)
+++ trafficserver/traffic/trunk/lib/ts/ink_cap.cc Wed Apr 27 14:22:22 2011
@@ -3,35 +3,37 @@
 # include "ink_cap.h"
 
 # if TS_USE_POSIX_CAP
-# include <sys/capability.h>
-# include <sys/prctl.h>
+#   include <sys/capability.h>
+#   include <sys/prctl.h>
 # endif
 
 void
 DebugCapabilities(char const* tag) {
   if (is_debug_tag_set(tag)) {
-# if TS_USE_POSIX_CAP
-    cap_t caps = cap_get_proc();
-    char* caps_text = cap_to_text(caps, 0);
-# endif
+#   if TS_USE_POSIX_CAP
+      cap_t caps = cap_get_proc();
+      char* caps_text = cap_to_text(caps, 0);
+#   endif
 
     Debug(tag,
       "uid=%u, gid=%u, euid=%u, egid=%u"
-# if TS_USE_POSIX_CAP
-      ", caps %s thread 0x%x"
-# endif
-      ,(unsigned)getuid(), (unsigned)getgid()
-      ,(unsigned)geteuid(), (unsigned)getegid()
-# if TS_USE_POSIX_CAP
-      ,caps_text
-      ,pthread_self()
-# endif
+#     if TS_USE_POSIX_CAP
+        ", caps %s thread 0x%x"
+#     endif
+      ,static_cast<unsigned int>(getuid())
+      ,static_cast<unsigned int>(getgid())
+      ,static_cast<unsigned int>(geteuid())
+      ,static_cast<unsigned int>(getegid())
+#     if TS_USE_POSIX_CAP
+        ,caps_text
+        ,pthread_self()
+#     endif
     );
 
-# if TS_USE_POSIX_CAP
-    cap_free(caps_text);
-    cap_free(caps);
-# endif
+#   if TS_USE_POSIX_CAP
+      cap_free(caps_text);
+      cap_free(caps);
+#   endif
   }
 }
 
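Review bot: In the TS_USE_POSIX_CAP branch of DebugCapabilities, `pthread_self()` is passed to a `%x` conversion, but pthread_t is not guaranteed to be an unsigned int (on 64-bit glibc it is an unsigned long), so the argument does not match the format. The commit added explicit casts for the uid/gid arguments; the thread id deserves the same treatment, e.g. `", caps %s thread 0x%lx"` with `static_cast<unsigned long>(pthread_self())` on platforms where pthread_t is integral. Separately, the results of `cap_get_proc()` and `cap_to_text()` are used unchecked, so a failure would hand NULL to `%s`; passing `caps_text ? caps_text : "(unavailable)"` keeps this diagnostic safe to call.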
@@ -39,7 +41,7 @@ int
 PreserveCapabilities() {
   int zret = 0;
 # if TS_USE_POSIX_CAP
-  zret = prctl(PR_SET_KEEPCAPS, 1);
+    zret = prctl(PR_SET_KEEPCAPS, 1);
 # endif
   return zret;
 }
@@ -48,18 +50,16 @@ PreserveCapabilities() {
 int
 RestrictCapabilities() {
   int zret = 0; // return value.
-#if TS_USE_POSIX_CAP
-  cap_t caps = cap_get_proc(); // Only way to initialize it AFAICT.
-  cap_clear(caps);
-  // Capabilities we need.
-  cap_value_t cap_list[] = { CAP_NET_ADMIN, CAP_NET_BIND_SERVICE };
-  static int const CAP_COUNT = sizeof(cap_list)/sizeof(*cap_list);
-
-  cap_set_flag(caps, CAP_INHERITABLE, CAP_COUNT, cap_list, CAP_SET);
-  cap_set_flag(caps, CAP_PERMITTED, CAP_COUNT, cap_list, CAP_SET);
-  cap_set_flag(caps, CAP_EFFECTIVE, CAP_COUNT, cap_list, CAP_SET);
-  zret = cap_set_proc(caps);
-  cap_free(caps);
-#endif
+# if TS_USE_POSIX_CAP
+    cap_t caps = cap_init(); // start with nothing.
+    // Capabilities we need.
+    cap_value_t cap_list[] = { CAP_NET_ADMIN, CAP_NET_BIND_SERVICE };
+    static int const CAP_COUNT = sizeof(cap_list)/sizeof(*cap_list);
+
+    cap_set_flag(caps, CAP_PERMITTED, CAP_COUNT, cap_list, CAP_SET);
+    cap_set_flag(caps, CAP_EFFECTIVE, CAP_COUNT, cap_list, CAP_SET);
+    zret = cap_set_proc(caps);
+    cap_free(caps);
+#  endif
   return zret;
 }
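Review bot: Only the result of `cap_set_proc` reaches `zret` in RestrictCapabilities; the `cap_init()` result and both `cap_set_flag` results are ignored. If either `cap_set_flag` call fails, the still-empty set from `cap_init()` is applied and the function reports success, although the process no longer holds CAP_NET_ADMIN or CAP_NET_BIND_SERVICE. A NULL from `cap_init()` is also passed straight into the libcap calls. I would check each step and return non-zero on any failure, so the caller gets a reliable signal about the privilege state.

```cpp
    cap_t caps = cap_init(); // start with nothing.
    if (NULL == caps) return -1;
    // … unchanged: cap_list and CAP_COUNT …
    if (0 != cap_set_flag(caps, CAP_PERMITTED, CAP_COUNT, cap_list, CAP_SET) ||
        0 != cap_set_flag(caps, CAP_EFFECTIVE, CAP_COUNT, cap_list, CAP_SET)) {
      zret = -1;
    } else {
      zret = cap_set_proc(caps);
    }
    cap_free(caps);
```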

Modified: trafficserver/traffic/trunk/proxy/Main.cc
URL: http://svn.apache.org/viewvc/trafficserver/traffic/trunk/proxy/Main.cc?rev=1097128&r1=1097127&r2=1097128&view=diff
==============================================================================
--- trafficserver/traffic/trunk/proxy/Main.cc (original)
+++ trafficserver/traffic/trunk/proxy/Main.cc Wed Apr 27 14:22:22 2011
@@ -1498,10 +1498,12 @@ change_uid_gid(const char *user)
 
   char *buf = (char *)xmalloc(buflen);
 
-  if (geteuid()) {
-    // Not running as root
-    Debug("server",
-          "Can't change user to : %s because running with effective uid=%d",
+  if (0 != geteuid() && 0 == getuid()) seteuid(0); // revert euid if possible.
+  if (0 != geteuid()) {
+    // Not root so can't change user ID. Logging isn't operational yet so
+    // we have to write directly to stderr. Perhaps this should be fatal?
+    fprintf(stderr,
+          "Can't change user to '%s' because running with effective uid=%d",
           user, geteuid());
   }
   else {
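Review bot: The new stderr message has no trailing newline and prints `geteuid()` (a uid_t) with `%d`. I would use `"Can't change user to '%s' because running with effective uid=%u\n"` with `static_cast<unsigned int>(geteuid())`, matching the casts this commit adds in DebugCapabilities. The `seteuid(0)` result is unchecked, which is acceptable only because the next line re-reads `geteuid()`; a short comment saying so would stop a later edit from separating the two. The failure branch only prints, and change_uid_gid starts and ends outside this hunk, so it is not visible whether the caller learns that the identity change did not happen. The comment's own question about making this fatal is worth settling, since continuing under an unintended uid is the outcome this function exists to prevent.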
@@ -1655,7 +1657,8 @@ main(int argc, char **argv)
     RestrictCapabilities();
     xfree(user);
   }
-  DebugCapabilities("server");
+  // Can't generate a log message yet, do that right after Diags is
+  // setup.
 
   // This call is required for win_9xMe
   //without this this_ethread() is failing when
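Review bot: The `RestrictCapabilities();` call in the context at the top of this hunk discards its return value. If `cap_set_proc` fails, the process keeps whatever capability set it held at that point, presumably the one retained across the uid change, and nothing reports it. Logging is not up yet here, so something like `if (0 != RestrictCapabilities()) fprintf(stderr, "Failed to restrict capabilities\n");` or a fatal exit would make the failure visible. main and the enclosing `if` begin outside the hunk, so any handling earlier in that block cannot be seen from here.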
@@ -1675,6 +1678,7 @@ main(int argc, char **argv)
   diags->prefix_str = "Server ";
   if (is_debug_tag_set("diags"))
     diags->dump();
+  DebugCapabilities("server"); // Can do this now, logging is up.
 
   // Check for core file
   if (core_file[0] != '\0') {