Skip to content

V
varnish-cache
Unverified Commit 1b04343a authored by Nils Goroll's avatar Nils Goroll
Browse files
Options

jail enum assertions

parent d2c1b12b
Hide whitespace changes
Inline Side-by-side
Showing with 12 additions and 0 deletions
bin/varnishd/mgt/mgt.h
View file @ 1b04343a
......@@ -110,6 +110,11 @@ enum jail_master_e {
JAIL_MASTER_KILL,
};
#define ASSERT_JAIL_MASTER(x) do { \
assert(x >= JAIL_MASTER_LOW); \
assert(x <= JAIL_MASTER_KILL); \
} while (0)
enum jail_subproc_e {
JAIL_SUBPROC_VCC = JAIL_MASTER_KILL + 1,
JAIL_SUBPROC_CC,
......@@ -117,6 +122,11 @@ enum jail_subproc_e {
JAIL_SUBPROC_WORKER,
};
#define ASSERT_JAIL_SUBPROC(x) do { \
assert(x >= JAIL_SUBPROC_VCC); \
assert(x <= JAIL_SUBPROC_WORKER); \
} while (0)
#define JAIL_LIMIT (JAIL_SUBPROC_WORKER + 1)
enum jail_fixfd_e {
......
bin/varnishd/mgt/mgt_jail_unix.c
View file @ 1b04343a
......@@ -188,6 +188,7 @@ vju_init(char **args)
static void v_matchproto_(jail_master_f)
vju_master(enum jail_master_e jme)
{
ASSERT_JAIL_MASTER(jme);
if (jme == JAIL_MASTER_LOW) {
AZ(setegid(vju_gid));
AZ(seteuid(vju_uid));
......@@ -203,6 +204,7 @@ vju_subproc(enum jail_subproc_e jse)
int i;
gid_t gid_list[NGID];
ASSERT_JAIL_SUBPROC(jse);
AZ(seteuid(0));
if (vju_wrkuser != NULL &&
(jse == JAIL_SUBPROC_VCLLOAD || jse == JAIL_SUBPROC_WORKER)) {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment