Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
U
unique-xids
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
uplex-varnish
unique-xids
Commits
1a80a019
Commit
1a80a019
authored
Oct 12, 2011
by
Poul-Henning Kamp
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Solaris sandbox changes.
Submitted by: Nils Goroll
parent
3b73cf0e
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
19 additions
and
3 deletions
+19
-3
mgt.h
bin/varnishd/mgt.h
+1
-0
mgt_sandbox.c
bin/varnishd/mgt_sandbox.c
+3
-3
mgt_sandbox_solaris.c
bin/varnishd/mgt_sandbox_solaris.c
+15
-0
No files found.
bin/varnishd/mgt.h
View file @
1a80a019
...
...
@@ -70,6 +70,7 @@ void mgt_sandbox(void);
#ifdef HAVE_SETPPRIV
void
mgt_sandbox_solaris_init
(
void
);
void
mgt_sandbox_solaris_fini
(
void
);
void
mgt_sandbox_solaris_privsep
(
void
);
#endif
/* mgt_shmem.c */
...
...
bin/varnishd/mgt_sandbox.c
View file @
1a80a019
...
...
@@ -63,17 +63,17 @@
void
mgt_sandbox
(
void
)
{
#ifdef HAVE_SETPPRIV
mgt_sandbox_solaris_init
();
#endif
mgt_sandbox_solaris_privsep
();
#else
if
(
geteuid
()
==
0
)
{
XXXAZ
(
setgid
(
params
->
gid
));
XXXAZ
(
setuid
(
params
->
uid
));
}
else
{
REPORT0
(
LOG_INFO
,
"Not running as root, no priv-sep"
);
}
#endif
/* On Linux >= 2.4, you need to set the dumpable flag
to get core dumps after you have done a setuid. */
...
...
bin/varnishd/mgt_sandbox_solaris.c
View file @
1a80a019
...
...
@@ -40,6 +40,7 @@
#include <stdio.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>
#include "mgt.h"
...
...
@@ -153,6 +154,20 @@ mgt_sandbox_solaris_init(void)
priv_freeset
(
priv_all
);
}
void
mgt_sandbox_solaris_privsep
(
void
)
{
if
(
priv_ineffect
(
PRIV_PROC_SETID
))
{
if
(
getgid
()
!=
params
->
gid
)
XXXAZ
(
setgid
(
params
->
gid
));
if
(
getuid
()
!=
params
->
uid
)
XXXAZ
(
setuid
(
params
->
uid
));
}
else
{
REPORT
(
LOG_INFO
,
"Privilege %s missing, will not change uid/gid"
,
PRIV_PROC_SETID
);
}
}
/*
* Waive most privileges in the child
*
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment