Mailing List Archive

#1153: No privilege separation for cc-command
----------------------+-----------------------------------------------------
Reporter: kristian | Owner:
Type: defect | Status: new
Priority: normal | Milestone:
Component: varnishd | Version: 3.0.2
Severity: normal | Keywords:
----------------------+-----------------------------------------------------
In short:

{{{
param.set cc_command "id >> /tmp/bad_guy_was_here; exec gcc -std=gnu99 -g -O2 -pthread -fpic -shared -Wl,-x -o %o %s "
}}}

leads to:

{{{
root@vac-agent:/etc# cat /tmp/bad_guy_was_here
uid=0(root) gid=0(root) groups=0(root)
uid=0(root) gid=0(root) groups=0(root)
uid=0(root) gid=0(root) groups=0(root)
uid=0(root) gid=0(root) groups=0(root)
}}}

The issue being that it's run as root, not that it works.

Not confirmed on master yet.

--
Ticket URL: <https://www.varnish-cache.org/trac/ticket/1153>
Varnish <https://varnish-cache.org/>
The Varnish HTTP Accelerator

_______________________________________________
varnish-bugs mailing list
varnish-bugs@varnish-cache.org
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-bugs
Re: #1153: No privilege separation for cc-command
----------------------+-----------------------------------------------------
Reporter: kristian | Owner:
Type: defect | Status: closed
Priority: normal | Milestone:
Component: varnishd | Version: 3.0.2
Severity: normal | Resolution: fixed
Keywords: |
----------------------+-----------------------------------------------------
Changes (by Poul-Henning Kamp <phk@…>):

* status: new => closed
* resolution: => fixed


Comment:

(In [b7175b38ad96ae57888e930a12cb88e33005178e]) Priv-sep vcc and cc also.

Fixes #1153

--
Ticket URL: <https://www.varnish-cache.org/trac/ticket/1153#comment:1>