Posted to commits@trafficserver.apache.org by am...@apache.org on 2011/04/27 16:22:22 UTC
svn commit: r1097128 - in /trafficserver/traffic/trunk: lib/ts/ink_cap.cc
proxy/Main.cc
Author: amc
Date: Wed Apr 27 14:22:22 2011
New Revision: 1097128
URL: http://svn.apache.org/viewvc?rev=1097128&view=rev
Log:
Further setuid fixes for TS-748
Modified:
trafficserver/traffic/trunk/lib/ts/ink_cap.cc
trafficserver/traffic/trunk/proxy/Main.cc
Modified: trafficserver/traffic/trunk/lib/ts/ink_cap.cc
URL: http://svn.apache.org/viewvc/trafficserver/traffic/trunk/lib/ts/ink_cap.cc?rev=1097128&r1=1097127&r2=1097128&view=diff
==============================================================================
--- trafficserver/traffic/trunk/lib/ts/ink_cap.cc (original)
+++ trafficserver/traffic/trunk/lib/ts/ink_cap.cc Wed Apr 27 14:22:22 2011
@@ -3,35 +3,37 @@
# include "ink_cap.h"
# if TS_USE_POSIX_CAP
-# include <sys/capability.h>
-# include <sys/prctl.h>
+# include <sys/capability.h>
+# include <sys/prctl.h>
# endif
void
DebugCapabilities(char const* tag) {
if (is_debug_tag_set(tag)) {
-# if TS_USE_POSIX_CAP
- cap_t caps = cap_get_proc();
- char* caps_text = cap_to_text(caps, 0);
-# endif
+# if TS_USE_POSIX_CAP
+ cap_t caps = cap_get_proc();
+ char* caps_text = cap_to_text(caps, 0);
+# endif
Debug(tag,
"uid=%u, gid=%u, euid=%u, egid=%u"
-# if TS_USE_POSIX_CAP
- ", caps %s thread 0x%x"
-# endif
- ,(unsigned)getuid(), (unsigned)getgid()
- ,(unsigned)geteuid(), (unsigned)getegid()
-# if TS_USE_POSIX_CAP
- ,caps_text
- ,pthread_self()
-# endif
+# if TS_USE_POSIX_CAP
+ ", caps %s thread 0x%x"
+# endif
+ ,static_cast<unsigned int>(getuid())
+ ,static_cast<unsigned int>(getgid())
+ ,static_cast<unsigned int>(geteuid())
+ ,static_cast<unsigned int>(getegid())
+# if TS_USE_POSIX_CAP
+ ,caps_text
+ ,pthread_self()
+# endif
);
-# if TS_USE_POSIX_CAP
- cap_free(caps_text);
- cap_free(caps);
-# endif
+# if TS_USE_POSIX_CAP
+ cap_free(caps_text);
+ cap_free(caps);
+# endif
}
}
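Review bot: The uid and gid arguments are now cast to match `%u`, but `pthread_self()` is still passed for `0x%x` in the TS_USE_POSIX_CAP branch of DebugCapabilities. pthread_t is an opaque type and on 64-bit Linux is typically wider than unsigned int, so the argument does not match the conversion. Assuming pthread_t is an integer type wherever TS_USE_POSIX_CAP is set, `", caps %s thread 0x%lx"` with `static_cast<unsigned long>(pthread_self())` would match. `cap_get_proc()` and `cap_to_text()` can also return NULL and `caps_text` goes straight into `%s`, so a guard such as `caps_text ? caps_text : "(unavailable)"` would keep the debug path safe.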
@@ -39,7 +41,7 @@ int
PreserveCapabilities() {
int zret = 0;
# if TS_USE_POSIX_CAP
- zret = prctl(PR_SET_KEEPCAPS, 1);
+ zret = prctl(PR_SET_KEEPCAPS, 1);
# endif
return zret;
}
@@ -48,18 +50,16 @@ PreserveCapabilities() {
int
RestrictCapabilities() {
int zret = 0; // return value.
-#if TS_USE_POSIX_CAP
- cap_t caps = cap_get_proc(); // Only way to initialize it AFAICT.
- cap_clear(caps);
- // Capabilities we need.
- cap_value_t cap_list[] = { CAP_NET_ADMIN, CAP_NET_BIND_SERVICE };
- static int const CAP_COUNT = sizeof(cap_list)/sizeof(*cap_list);
-
- cap_set_flag(caps, CAP_INHERITABLE, CAP_COUNT, cap_list, CAP_SET);
- cap_set_flag(caps, CAP_PERMITTED, CAP_COUNT, cap_list, CAP_SET);
- cap_set_flag(caps, CAP_EFFECTIVE, CAP_COUNT, cap_list, CAP_SET);
- zret = cap_set_proc(caps);
- cap_free(caps);
-#endif
+# if TS_USE_POSIX_CAP
+ cap_t caps = cap_init(); // start with nothing.
+ // Capabilities we need.
+ cap_value_t cap_list[] = { CAP_NET_ADMIN, CAP_NET_BIND_SERVICE };
+ static int const CAP_COUNT = sizeof(cap_list)/sizeof(*cap_list);
+
+ cap_set_flag(caps, CAP_PERMITTED, CAP_COUNT, cap_list, CAP_SET);
+ cap_set_flag(caps, CAP_EFFECTIVE, CAP_COUNT, cap_list, CAP_SET);
+ zret = cap_set_proc(caps);
+ cap_free(caps);
+# endif
return zret;
}
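Review bot: In RestrictCapabilities the result of `cap_init()` is used without a NULL check and both `cap_set_flag` results are discarded, so an allocation or flag failure surfaces, if at all, only through `cap_set_proc`. This function is what reduces the process to CAP_NET_ADMIN and CAP_NET_BIND_SERVICE, so a failure that goes unnoticed would leave the process with whatever capability set it already held. I would return an error when `cap_init()` fails and call `cap_set_proc` only if both flag calls succeeded, as sketched below. The call site visible in proxy/Main.cc, `RestrictCapabilities();`, also drops the return value; the caller should check it and at least report the failure once logging is available.

```cpp
  cap_t caps = cap_init(); // start with nothing.
  if (!caps) return -1;    // nothing was restricted; let the caller decide.
  // … unchanged: cap_list and CAP_COUNT …
  if (cap_set_flag(caps, CAP_PERMITTED, CAP_COUNT, cap_list, CAP_SET) != 0 ||
      cap_set_flag(caps, CAP_EFFECTIVE, CAP_COUNT, cap_list, CAP_SET) != 0)
    zret = -1;
  else
    zret = cap_set_proc(caps);
  cap_free(caps);
```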
Modified: trafficserver/traffic/trunk/proxy/Main.cc
URL: http://svn.apache.org/viewvc/trafficserver/traffic/trunk/proxy/Main.cc?rev=1097128&r1=1097127&r2=1097128&view=diff
==============================================================================
--- trafficserver/traffic/trunk/proxy/Main.cc (original)
+++ trafficserver/traffic/trunk/proxy/Main.cc Wed Apr 27 14:22:22 2011
@@ -1498,10 +1498,12 @@ change_uid_gid(const char *user)
char *buf = (char *)xmalloc(buflen);
- if (geteuid()) {
- // Not running as root
- Debug("server",
- "Can't change user to : %s because running with effective uid=%d",
+ if (0 != geteuid() && 0 == getuid()) seteuid(0); // revert euid if possible.
+ if (0 != geteuid()) {
+ // Not root so can't change user ID. Logging isn't operational yet so
+ // we have to write directly to stderr. Perhaps this should be fatal?
+ fprintf(stderr,
+ "Can't change user to '%s' because running with effective uid=%d",
user, geteuid());
}
else {
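Review bot: The new `fprintf(stderr, ...)` message has no trailing newline and prints `geteuid()` with `%d`, although uid_t is unsigned and this same commit casts it for `%u` in DebugCapabilities. I would end the format with `effective uid=%u\n` and pass `static_cast<unsigned int>(geteuid())`. The result of `seteuid(0)` is ignored, which is tolerable only because the next line re-checks `geteuid()`; a short comment saying so would help. The comment's own question deserves an answer: when the switch cannot happen, the server appears to carry on under its current identity, so failing startup looks like the safer default. The rest of change_uid_gid, including the else branch, lies outside the hunk.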
@@ -1655,7 +1657,8 @@ main(int argc, char **argv)
RestrictCapabilities();
xfree(user);
}
- DebugCapabilities("server");
+ // Can't generate a log message yet, do that right after Diags is
+ // setup.
// This call is required for win_9xMe
//without this this_ethread() is failing when
@@ -1675,6 +1678,7 @@ main(int argc, char **argv)
diags->prefix_str = "Server ";
if (is_debug_tag_set("diags"))
diags->dump();
+ DebugCapabilities("server"); // Can do this now, logging is up.
// Check for core file
if (core_file[0] != '\0') {