[master] 07c4432 varnishtest: setuid(nobody) if running as root
Tollef Fog Heen
tfheen at varnish-cache.org
Wed Jan 26 12:36:08 CET 2011
commit 07c4432ba55b50b6640c5eeb24155a3618224f61
Author: Tollef Fog Heen <tfheen at err.no>
Date: Wed Jan 26 12:18:21 2011 +0100
varnishtest: setuid(nobody) if running as root
If we were running as root, m00004 would fail as it would not be able
to read the files from the temporary directory. To avoid this
problem, we now setuid to nobody if we are running as root.
diff --git a/bin/varnishtest/vtc_main.c b/bin/varnishtest/vtc_main.c
index 3db3bd9..ac3436e 100644
--- a/bin/varnishtest/vtc_main.c
+++ b/bin/varnishtest/vtc_main.c
@@ -42,6 +42,11 @@ SVNID("$Id$")
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
+#include <pwd.h>
+
+#ifdef __linux__
+#include <sys/prctl.h>
+#endif
#include "libvarnish.h"
#include "vev.h"
@@ -364,6 +369,21 @@ main(int argc, char * const *argv)
vb = vev_new_base();
+ if (geteuid() == 0) {
+ struct passwd *pw;
+ pw = getpwnam("nobody");
+ assert(setgid(pw->pw_gid) == 0);
+ assert(setuid(pw->pw_uid) == 0);
+ /* On Linux >= 2.4, you need to set the dumpable flag
+ to get core dumps after you have done a setuid. */
+#ifdef __linux__
+ if (prctl(PR_SET_DUMPABLE, 1) != 0) {
+ printf("Could not set dumpable bit. Core dumps turned "
+ "off\n");
+ }
+#endif
+ }
+
i = 0;
while(!VTAILQ_EMPTY(&tst_head) || i) {
if (!VTAILQ_EMPTY(&tst_head) && njob < npar) {
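Review bot: The privilege drop in the `geteuid() == 0` block can crash or leave the process partly privileged: `getpwnam("nobody")` is dereferenced without a NULL check, and root's supplementary groups are kept because nothing calls `setgroups()` before `setgid()`/`setuid()`. The two set*id calls also sit inside `assert()`; if this assert follows the standard NDEBUG behaviour (the project's definition is not visible here), a build with assertions disabled would skip them and run the tests as root. I would check each call explicitly and exit on failure, as below; `setgroups()` needs `<grp.h>` next to the `<pwd.h>` added in the first hunk. main() starts and ends outside this hunk.

```c
		pw = getpwnam("nobody");
		if (pw == NULL) {
			fprintf(stderr,
			    "No \"nobody\" account, refusing to run tests as root\n");
			exit(1);
		}
		/* Supplementary groups must go first: clearing them needs
		   root, and setgid()/setuid() do not touch them. */
		if (setgroups(0, NULL) != 0 ||
		    setgid(pw->pw_gid) != 0 ||
		    setuid(pw->pw_uid) != 0) {
			perror("Could not drop root privileges");
			exit(1);
		}
		/* … unchanged: PR_SET_DUMPABLE block under #ifdef __linux__ … */
```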