Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
V
varnish-cache
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Commits
Open sidebar
varnishcache
varnish-cache
Commits
38a71992
Commit
38a71992
authored
Aug 06, 2012
by
Poul-Henning Kamp
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Add updated Solaris Sandbox from Nils Goroll
(untested by me)
parent
d47db772
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
117 additions
and
37 deletions
+117
-37
mgt_sandbox.c
bin/varnishd/mgt/mgt_sandbox.c
+3
-3
mgt_sandbox_solaris.c
bin/varnishd/mgt/mgt_sandbox_solaris.c
+114
-34
No files found.
bin/varnishd/mgt/mgt_sandbox.c
View file @
38a71992
...
...
@@ -57,8 +57,7 @@
/*--------------------------------------------------------------------*/
/* Waive all privileges in the child, it does not need any */
#ifndef HAVE_SETPPRIV
static
void
__match_proto__
(
mgt_sandbox_f
)
mgt_sandbox_unix
(
enum
sandbox_e
who
)
{
...
...
@@ -70,6 +69,7 @@ mgt_sandbox_unix(enum sandbox_e who)
REPORT0
(
LOG_INFO
,
"Not running as root, no priv-sep"
);
}
}
#endif
/*--------------------------------------------------------------------*/
...
...
@@ -90,7 +90,7 @@ mgt_sandbox_linux(enum sandbox_e who)
/*--------------------------------------------------------------------*/
mgt_sandbox_f
*
mgt_sandbox
=
#ifdef HAVE_SETPRIV
#ifdef HAVE_SETP
P
RIV
mgt_sandbox_solaris
;
#elif defined (__linux__)
mgt_sandbox_linux
;
...
...
bin/varnishd/mgt/mgt_sandbox_solaris.c
View file @
38a71992
/*-
* Copyright (c) 2006-2011 Varnish Software AS
* Copyright (c) 2011-2012 UPLEX - Nils Goroll Systemoptimierung
* All rights reserved.
*
* Author: Poul-Henning Kamp <phk@phk.freebsd.dk>
...
...
@@ -38,6 +39,7 @@
#include <priv.h>
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>
...
...
@@ -95,49 +97,113 @@
*
*/
/* effective during runtime of the child */
static
inline
void
mgt_sandbox_solaris_add_effective
(
priv_set_t
*
pset
)
static
void
mgt_sandbox_solaris_add_inheritable
(
priv_set_t
*
pset
,
enum
sandbox_e
who
)
{
/* PSARC/2009/685 - 8eca52188202 - onnv_132 */
priv_addset
(
pset
,
"net_access"
);
switch
(
who
)
{
case
SANDBOX_VCC
:
break
;
case
SANDBOX_CC
:
priv_addset
(
pset
,
"proc_exec"
);
priv_addset
(
pset
,
"proc_fork"
);
/* PSARC/2009/378 - 63678502e95e - onnv_140 */
priv_addset
(
pset
,
"file_read"
);
priv_addset
(
pset
,
"file_write"
);
break
;
case
SANDBOX_VCLLOAD
:
break
;
case
SANDBOX_WORKER
:
break
;
default:
REPORT
(
LOG_ERR
,
"INCOMPLETE AT: %s(%d)
\n
"
,
__func__
,
__LINE__
);
exit
(
1
);
}
}
/*
* effective is initialized from inheritable (see mgt_sandbox_solaris_waive)
* so only additionally required privileges need to be added here
*/
/* PSARC/2009/378 - 63678502e95e - onnv_140 */
priv_addset
(
pset
,
"file_read"
);
priv_addset
(
pset
,
"file_write"
);
static
void
mgt_sandbox_solaris_add_effective
(
priv_set_t
*
pset
,
enum
sandbox_e
who
)
{
switch
(
who
)
{
case
SANDBOX_VCC
:
/* PSARC/2009/378 - 63678502e95e - onnv_140 */
priv_addset
(
pset
,
"file_write"
);
break
;
case
SANDBOX_CC
:
break
;
case
SANDBOX_VCLLOAD
:
/* PSARC/2009/378 - 63678502e95e - onnv_140 */
priv_addset
(
pset
,
"file_read"
);
case
SANDBOX_WORKER
:
/* PSARC/2009/685 - 8eca52188202 - onnv_132 */
priv_addset
(
pset
,
"net_access"
);
/* PSARC/2009/378 - 63678502e95e - onnv_140 */
priv_addset
(
pset
,
"file_read"
);
priv_addset
(
pset
,
"file_write"
);
break
;
default:
REPORT
(
LOG_ERR
,
"INCOMPLETE AT: %s(%d)
\n
"
,
__func__
,
__LINE__
);
exit
(
1
);
}
}
/* permitted during runtime of the child - for privilege bracketing */
static
inline
void
mgt_sandbox_solaris_add_permitted
(
priv_set_t
*
pset
)
/*
* permitted is initialized from effective (see mgt_sandbox_solaris_waive)
* so only additionally required privileges need to be added here
*/
static
void
mgt_sandbox_solaris_add_permitted
(
priv_set_t
*
pset
,
enum
sandbox_e
who
)
{
/* for raising limits in cache_waiter_ports.c */
priv_addset
(
pset
,
PRIV_SYS_RESOURCE
);
switch
(
who
)
{
case
SANDBOX_VCC
:
case
SANDBOX_CC
:
case
SANDBOX_VCLLOAD
:
break
;
case
SANDBOX_WORKER
:
/* for raising limits in cache_waiter_ports.c */
priv_addset
(
pset
,
PRIV_SYS_RESOURCE
);
break
;
default:
REPORT
(
LOG_ERR
,
"INCOMPLETE AT: %s(%d)
\n
"
,
__func__
,
__LINE__
);
exit
(
1
);
}
}
/* effective during mgt_sandbox */
static
inline
void
mgt_sandbox_solaris_add_initial
(
priv_set_t
*
pset
)
/*
* additional privileges needed by mgt_sandbox_solaris_privsep -
* will get waived in mgt_sandbox_solaris_waive
*/
static
void
mgt_sandbox_solaris_add_initial
(
priv_set_t
*
pset
,
enum
sandbox_e
who
)
{
(
void
)
who
;
/* for setgid/setuid */
priv_addset
(
pset
,
PRIV_PROC_SETID
);
}
/*
* if we are not yet privilege-aware already (ie we have been started
* not-privilege aware wird euid 0), we need to grab any additional privileges
* needed during mgt_standbox, until we reduce to least privileges in
* mgt_sandbox_waive, otherwise we would loose them with setuid()
* not-privilege aware with euid 0), we try to grab any privileges we
* will need later.
* We will reduce to least privileges in mgt_sandbox_solaris_waive
*
* We need to become privilege-aware to avoid setuid resetting them.
*/
void
mgt_sandbox_solaris_init
(
void
)
static
void
mgt_sandbox_solaris_init
(
enum
sandbox_e
who
)
{
priv_set_t
*
priv_all
;
if
(
!
(
priv_all
=
priv_allocset
()))
{
REPORT
(
LOG_ERR
,
"
Child start
warning: "
"
Sandbox
warning: "
" mgt_sandbox_init - priv_allocset failed: errno=%d (%s)"
,
errno
,
strerror
(
errno
));
return
;
...
...
@@ -145,9 +211,10 @@ mgt_sandbox_solaris_init(void)
priv_emptyset
(
priv_all
);
mgt_sandbox_solaris_add_effective
(
priv_all
);
mgt_sandbox_solaris_add_permitted
(
priv_all
);
mgt_sandbox_solaris_add_initial
(
priv_all
);
mgt_sandbox_solaris_add_inheritable
(
priv_all
,
who
);
mgt_sandbox_solaris_add_effective
(
priv_all
,
who
);
mgt_sandbox_solaris_add_permitted
(
priv_all
,
who
);
mgt_sandbox_solaris_add_initial
(
priv_all
,
who
);
setppriv
(
PRIV_ON
,
PRIV_PERMITTED
,
priv_all
);
setppriv
(
PRIV_ON
,
PRIV_EFFECTIVE
,
priv_all
);
...
...
@@ -156,9 +223,11 @@ mgt_sandbox_solaris_init(void)
priv_freeset
(
priv_all
);
}
void
mgt_sandbox_solaris_privsep
(
void
)
static
void
mgt_sandbox_solaris_privsep
(
enum
sandbox_e
who
)
{
(
void
)
who
;
if
(
priv_ineffect
(
PRIV_PROC_SETID
))
{
if
(
getgid
()
!=
mgt_param
.
gid
)
XXXAZ
(
setgid
(
mgt_param
.
gid
));
...
...
@@ -187,8 +256,8 @@ mgt_sandbox_solaris_privsep(void)
* We should keep sys_resource in P in order to adjust our limits if we need to
*/
void
mgt_sandbox_solaris_
fini
(
void
)
static
void
mgt_sandbox_solaris_
waive
(
enum
sandbox_e
who
)
{
priv_set_t
*
effective
,
*
inheritable
,
*
permitted
;
...
...
@@ -196,19 +265,22 @@ mgt_sandbox_solaris_fini(void)
!
(
inheritable
=
priv_allocset
())
||
!
(
permitted
=
priv_allocset
()))
{
REPORT
(
LOG_ERR
,
"
Child start
warning: "
"
Sandbox
warning: "
" mgt_sandbox_waive - priv_allocset failed: errno=%d (%s)"
,
errno
,
strerror
(
errno
));
return
;
}
/* simple scheme: (inheritable subset-of effective) subset-of permitted */
priv_emptyset
(
inheritable
);
mgt_sandbox_solaris_add_inheritable
(
inheritable
,
who
);
priv_
emptyset
(
effective
);
mgt_sandbox_solaris_add_effective
(
effective
);
priv_
copyset
(
inheritable
,
effective
);
mgt_sandbox_solaris_add_effective
(
effective
,
who
);
priv_copyset
(
effective
,
permitted
);
mgt_sandbox_solaris_add_permitted
(
permitted
);
mgt_sandbox_solaris_add_permitted
(
permitted
,
who
);
/*
* invert the sets and clear privileges such that setppriv will always
...
...
@@ -221,7 +293,7 @@ mgt_sandbox_solaris_fini(void)
#define SETPPRIV(which, set) \
if (setppriv(PRIV_OFF, which, set)) \
REPORT(LOG_ERR, \
"
Child start warning: "
\
"
Sandbox warning: "
\
" Waiving privileges failed on %s: errno=%d (%s)", \
#which, errno, strerror(errno));
...
...
@@ -233,6 +305,14 @@ mgt_sandbox_solaris_fini(void)
priv_freeset
(
inheritable
);
priv_freeset
(
effective
);
priv_freeset
(
permitted
);
}
void
__match_proto__
(
mgt_sandbox_f
)
mgt_sandbox_solaris
(
enum
sandbox_e
who
)
{
mgt_sandbox_solaris_init
(
who
);
mgt_sandbox_solaris_privsep
(
who
);
mgt_sandbox_solaris_waive
(
who
);
}
#endif
/* HAVE_SETPPRIV */
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment