[Varnish] #1482: [PATCH]: initialize supplementary groups before setuid()
Varnish
varnish-bugs at varnish-cache.org
Thu Apr 17 12:44:40 CEST 2014
#1482: [PATCH]: initialize supplementary groups before setuid()
-------------------+-------------------------
Reporter: idl0r | Type: enhancement
Status: new | Priority: normal
Milestone: | Component: build
Version: trunk | Severity: normal
Keywords: |
-------------------+-------------------------
Please see the attached patch.
One may have gcc or other things restricted, so that e.g. only a specific
user and/or group may execute it. Varnish never inherited the groups of the
user that has been specified by "-u". initgroups() will make sure that
varnish gets all supplementary groups.
Steps to reproduce:
{{{
chown root:gccuser /usr/bin/gcc
chmod 0750 /usr/bin/gcc
varnishd -u varnish -g varnish -f /etc/varnish/default.vcl -F
Message from C-compiler:
/bin/sh: 1: exec: gcc: Permission denied
Running C-compiler failed, exit 126
VCL compilation failed
gpasswd -a varnish gccuser
varnishd -u varnish -g varnish -f /etc/varnish/default.vcl -F
Message from C-compiler:
/bin/sh: 1: exec: gcc: Permission denied
Running C-compiler failed, exit 126
VCL compilation failed
}}}
Now apply my patch and try again.
--
Ticket URL: <https://www.varnish-cache.org/trac/ticket/1482>
Varnish <https://varnish-cache.org/>
The Varnish HTTP Accelerator
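
The call order the ticket asks for, as an added example. This is not the attached patch and not Varnish's own code. The function name `drop_privileges`, its result codes, and the fallback to the user's primary group when no group is given are assumptions made for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes initgroups() under strict -std= modes */
#endif
#include <sys/types.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <unistd.h>

enum drop_result { DROP_OK, DROP_NO_USER, DROP_NO_GROUP, DROP_GROUPS_FAILED,
                   DROP_GID_FAILED, DROP_UID_FAILED, DROP_STILL_ROOT };

/* user and group mirror varnishd's -u and -g. group may be NULL, in which
 * case the primary group from the passwd entry is used (an assumption). */
enum drop_result drop_privileges(const char *user, const char *group)
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL)
        return DROP_NO_USER;
    uid_t uid = pw->pw_uid;   /* copy out: pw points at static storage */
    gid_t gid = pw->pw_gid;
    if (group != NULL) {
        struct group *gr = getgrnam(group);
        if (gr == NULL)
            return DROP_NO_GROUP;
        gid = gr->gr_gid;
    }
    /* Order matters: initgroups() and setgid() need root, so they run
     * before setuid(). setuid() alone leaves the supplementary group list
     * as it was at startup, without the target user's groups ("gccuser"). */
    if (initgroups(user, gid) != 0)
        return DROP_GROUPS_FAILED;
    if (setgid(gid) != 0)
        return DROP_GID_FAILED;
    if (setuid(uid) != 0)
        return DROP_UID_FAILED;
    /* Confirm the drop is permanent: regaining uid 0 must now fail. */
    if (uid != 0 && setuid(0) == 0)
        return DROP_STILL_ROOT;
    return DROP_OK;
}

int main(int argc, char **argv)
{
    enum drop_result r = drop_privileges(argc > 1 ? argv[1] : "varnish",
                                         argc > 2 ? argv[2] : NULL);
    printf("result=%d uid=%d gid=%d\n", r, (int)getuid(), (int)getgid());
    return r != DROP_OK;
}
```

Run as root, the program reports result 0 and the target uid and gid; run unprivileged, it stops at the `initgroups()` step with `DROP_GROUPS_FAILED`.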