varnishtest: setuid(nobody) if running as root

If we were running as root, m00004 would fail as it would not be able to read the files from the temporary directory. To avoid this problem, we now setuid to nobody if we are running as root.

varnishtest: setuid(nobody) if running as root
If we were running as root, m00004 would fail as it would not be able to read the files from the temporary directory. To avoid this problem, we now setuid to nobody if we are running as root.
07c4432b · Tollef Fog Heen · 54ddaece · 07c4432b
Commit 07c4432b authored Jan 26, 2011 by Tollef Fog Heen
Hide whitespace changes
Inline Side-by-side

Showing with 20 additions and 0 deletions

vtc_main.c bin/varnishtest/vtc_main.c +20 -0

No files found.
--- a/bin/varnishtest/vtc_main.c
+++ b/bin/varnishtest/vtc_main.c
@@ -42,6 +42,11 @@ SVNID("$Id$")
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <sys/wait.h>
+#include <pwd.h>
+
+#ifdef __linux__
+#include <sys/prctl.h>
+#endif

 #include "libvarnish.h"
 #include "vev.h"
@@ -364,6 +369,21 @@ main(int argc, char * const *argv)

 	vb = vev_new_base();

+	if (geteuid() == 0) {
+		struct passwd *pw;
+		pw = getpwnam("nobody");
+		assert(setgid(pw->pw_gid) == 0);
+		assert(setuid(pw->pw_uid) == 0);
+		/* On Linux >= 2.4, you need to set the dumpable flag
+		   to get core dumps after you have done a setuid. */
+#ifdef __linux__
+		if (prctl(PR_SET_DUMPABLE, 1) != 0) {
+		  printf("Could not set dumpable bit.  Core dumps turned "
+			 "off\n");
+		}
+#endif
+	}
+
 	i = 0;
 	while(!VTAILQ_EMPTY(&tst_head) || i) {
 		if (!VTAILQ_EMPTY(&tst_head) && njob < npar) {