[Varnish] #671: Solaris least privilege support breaks core dumps (SNOCD set)
Varnish
varnish-bugs at varnish-cache.org
Mon Mar 29 15:25:36 CEST 2010
#671: Solaris least privilege support breaks core dumps (SNOCD set)
-------------------+--------------------------------------------------------
Reporter: slink | Type: defect
Status: new | Priority: normal
Milestone: | Component: build
Version: trunk | Severity: normal
Keywords: |
-------------------+--------------------------------------------------------
The particular order of privilege set commands introduced with #628 leads
to the SNOCD flag being set in this piece of solaris code:
http://cvs.opensolaris.org/source/xref/onnv/onnv-
gate/usr/src/uts/common/syscall/ppriv.c#160
{{{
#!C
/*
* When we give up privileges not in the inheritable set,
* set SNOCD if not already set; first we compute the
* privileges removed from P using Diff = (~P') & P
* and then we check whether the removed privileges are
* a subset of I. If we retain uid 0, all privileges
* are required anyway so don't set SNOCD.
*/
if (type == PRIV_PERMITTED && (p->p_flag & SNOCD) == 0 &&
cr->cr_uid != 0 && cr->cr_ruid != 0 && cr->cr_suid != 0) {
priv_set_t diff = CR_OPPRIV(cr);
priv_inverse(&diff);
priv_intersect(&CR_OPPRIV(pcr), &diff);
donocd = !priv_issubset(&diff, &CR_IPRIV(cr));
}
}}}
The net effect is that, with least privilege support, varnish worker
children do not dump cores any more.
We must change the order in which privileges are waived to avoid this
behavior.
The attached patch is incremental to the fix in #670
--
Ticket URL: <http://www.varnish-cache.org/ticket/671>
Varnish <http://varnish-cache.org/>
The Varnish HTTP Accelerator
More information about the varnish-bugs
mailing list