Implment Doc "The American" Wilco's suggestion and restrict

shared memory access to require root or varnish group membership.

Implment Doc "The American" Wilco's suggestion and restrict
shared memory access to require root or varnish group membership.
a693b444 · Poul-Henning Kamp · 3fa40463 · a693b444 · a693b444 · a693b444
Commit a693b444 authored Apr 15, 2015 by Poul-Henning Kamp
5 changed files
--- a/bin/varnishd/mgt/mgt.h
+++ b/bin/varnishd/mgt/mgt.h
@@ -86,7 +86,7 @@ typedef int jail_init_f(char **);
 typedef void jail_master_f(enum jail_master_e);
 typedef void jail_subproc_f(enum jail_subproc_e);
 typedef void jail_make_dir_f(const char *dname);
-typedef void jail_storage_file_f(int fd);
+typedef void jail_fixfile_f(int fd);

 struct jail_tech {
 	unsigned		magic;
@@ -97,7 +97,8 @@ struct jail_tech {
 	jail_subproc_f		*subproc;
 	jail_make_dir_f		*make_workdir;
 	jail_make_dir_f		*make_vcldir;
-	jail_storage_file_f	*storage_file;
+	jail_fixfile_f		*vsm_file;
+	jail_fixfile_f		*storage_file;
 };

 void VJ_Init(const char *j_arg);
@@ -105,7 +106,8 @@ void VJ_master(enum jail_master_e jme);
 void VJ_subproc(enum jail_subproc_e jse);
 void VJ_make_workdir(const char *dname);
 void VJ_make_vcldir(const char *dname);
-void VJ_storage_file(int fd);
+void VJ_fix_vsm_file(int fd);
+void VJ_fix_storage_file(int fd);

 extern const struct jail_tech jail_tech_unix;
 extern const struct jail_tech jail_tech_solaris;

--- a/bin/varnishd/mgt/mgt_jail.c
+++ b/bin/varnishd/mgt/mgt_jail.c
@@ -181,10 +181,19 @@ VJ_make_vcldir(const char *dname)
 }

 void
-VJ_storage_file(int fd)
+VJ_fix_storage_file(int fd)
 {

 	CHECK_OBJ_NOTNULL(vjt, JAIL_TECH_MAGIC);
 	if (vjt->storage_file != NULL)
 		vjt->storage_file(fd);
 }
+
+void
+VJ_fix_vsm_file(int fd)
+{
+
+	CHECK_OBJ_NOTNULL(vjt, JAIL_TECH_MAGIC);
+	if (vjt->vsm_file != NULL)
+		vjt->vsm_file(fd);
+}
--- a/bin/varnishd/mgt/mgt_jail_unix.c
+++ b/bin/varnishd/mgt/mgt_jail_unix.c
@@ -235,7 +235,17 @@ vju_make_vcldir(const char *dname)
 	AZ(seteuid(vju_uid));
 }

-static void
+
+static void __match_proto__(jail_fixfile_f)
+vju_vsm_file(int fd)
+{
+	/* Called under JAIL_MASTER_FILE */
+
+	AZ(fchmod(fd, 0640));
+	AZ(fchown(fd, 0, vju_gid));
+}
+
+static void __match_proto__(jail_fixfile_f)
 vju_storage_file(int fd)
 {
 	/* Called under JAIL_MASTER_STORAGE */
@@ -250,6 +260,7 @@ const struct jail_tech jail_tech_unix = {
 	.init =		vju_init,
 	.master =	vju_master,
 	.make_vcldir =	vju_make_vcldir,
+	.vsm_file =	vju_vsm_file,
 	.storage_file =	vju_storage_file,
 	.subproc =	vju_subproc,
 };
--- a/bin/varnishd/mgt/mgt_shmem.c
+++ b/bin/varnishd/mgt/mgt_shmem.c
@@ -151,12 +151,13 @@ vsm_zerofile(const char *fn, ssize_t size)
 	int fd;
 	int flags;

-	fd = flopen(fn, O_RDWR | O_CREAT | O_EXCL | O_NONBLOCK, 0644);
+	fd = flopen(fn, O_RDWR | O_CREAT | O_EXCL | O_NONBLOCK, 0640);
 	if (fd < 0) {
 		fprintf(stderr, "Could not create %s: %s\n",
 		    fn, strerror(errno));
 		return (-1);
 	}
+	VJ_fix_vsm_file(fd);
 	flags = fcntl(fd, F_GETFL);
 	assert(flags != -1);
 	flags &= ~O_NONBLOCK;

--- a/bin/varnishd/storage/stevedore_utils.c
+++ b/bin/varnishd/storage/stevedore_utils.c
@@ -95,7 +95,7 @@ STV_GetFile(const char *fn, int *fdp, const char **fnp, const char *ctx)
 	VJ_master(JAIL_MASTER_STORAGE);
 	fd = open(fn, O_RDWR | O_CREAT | O_EXCL | O_LARGEFILE, 0600);
 	if (fd >= 0) {
-		VJ_storage_file(fd);
+		VJ_fix_storage_file(fd);
 		*fdp = fd;
 		*fnp = fn;
 		VJ_master(JAIL_MASTER_LOW);
@@ -134,7 +134,7 @@ STV_GetFile(const char *fn, int *fdp, const char **fnp, const char *ctx)
 		    ctx, fn);

 	*fdp = fd;
-	VJ_storage_file(fd);
+	VJ_fix_storage_file(fd);
 	VJ_master(JAIL_MASTER_LOW);
 	return (retval);
 }