On Jan 23, 2014, at 1:33 PM, Bryan Call <bc...@yahoo-inc.com> wrote:
> I removed elevation on delete and new instance. It is needed in dlopen > because the libraries that we link with in our plugins need root privileges > when they statically initialize things. Ah, static initializers. Is removing the elevation on delete and new instance a backwards compatibility issue? I'd say so, though I also think that those are bad times to elevate unless you are using Linux capabilities. > > -Bryan > > >>> Am 23 yan, 2014 um 22:00 schrieb "James Peach" <jpe...@apache.org>: >>> >>>> On Jan 23, 2014, at 6:50 AM, bc...@apache.org wrote: >>>> >>>> Updated Branches: >>>> refs/heads/master 00897775d -> cd86569e9 >>>> >>>> >>>> TS-2425: Update to TS-2261 for loading plugins as root >>> [snip] >>>> http://git-wip-us.apache.org/repos/asf/trafficserver/blob/cd86569e/proxy/http/remap/UrlMapping.cc >>>> ---------------------------------------------------------------------- >>>> diff --git a/proxy/http/remap/UrlMapping.cc >>>> b/proxy/http/remap/UrlMapping.cc >>>> index d5b00d1..58739c1 100644 >>>> --- a/proxy/http/remap/UrlMapping.cc >>>> +++ b/proxy/http/remap/UrlMapping.cc >>>> @@ -79,13 +79,8 @@ url_mapping::delete_instance(unsigned int index) >>>> remap_plugin_info* p = get_plugin(index); >>>> >>>> if (ih && p && p->fp_tsremap_delete_instance) { >>>> - // elevate the access to read files as root if compiled with >>>> capabilities, if not >>>> - // change the effective user to root >>>> - uint32_t elevate_access = 0; >>>> - REC_ReadConfigInteger(elevate_access, >>>> "proxy.config.plugin.load_elevated"); >>>> - ElevateAccess access(elevate_access != 0); >>>> p->fp_tsremap_delete_instance(ih); >>>> - } // done elevating access >>>> + } >>>> } >>> >>> The delete is no longer elevated? That seems inconsistent. Why did you >>> remove that? Also, why is it necessary to perform the dlopen() with >>> privilege? >>> >>> J >
