[Libreoffice-commits] online.git: loolwsd/LOOLKit.cpp
Ashod Nakashian
ashod.nakashian at collabora.co.uk
Mon Mar 14 03:15:22 UTC 2016
loolwsd/LOOLKit.cpp | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
New commits:
commit f2eec85b2a84d58eb2d125f1a826d71fdcd85d4b
Author: Ashod Nakashian <ashod.nakashian at collabora.co.uk>
Date: Sun Mar 13 11:02:47 2016 -0400
loolwsd: jailId ought be random, but must be PID
Ideally, we will have a randomized path for the jails.
Unfortunately, this will make it harder to clean up
after an ungraceful exit of a child, including recovery
of docs etc.
Having a PID for the jailId makes this issue easier by
implicitly implying the jail path for a given child.
To prevent security leaks, we should at least randomize
the doc directory within the jail, as such:
/chroot/<pid>/user/docs/<rand>/
For now we use jailId=pid=rand.
Change-Id: I948fba0aaef725c9c059780df0a184a86569d898
Reviewed-on: https://gerrit.libreoffice.org/23223
Reviewed-by: Ashod Nakashian <ashnakash at gmail.com>
Tested-by: Ashod Nakashian <ashnakash at gmail.com>
diff --git a/loolwsd/LOOLKit.cpp b/loolwsd/LOOLKit.cpp
index 36ae9b4..dcf5e61 100644
--- a/loolwsd/LOOLKit.cpp
+++ b/loolwsd/LOOLKit.cpp
@@ -784,7 +784,10 @@ void lokit_main(const std::string& childRoot,
std::map<std::string, std::shared_ptr<Document>> _documents;
- static const std::string jailId = Util::encodeId(Util::rng::getNext());
+ // Ideally this will be a random ID, but broker will cleanup
+ // our jail directory when we die, and it's simpler to know
+ // the jailId (i.e. the path) implicitly by knowing our pid.
+ static const std::string jailId = std::to_string(Process::id());
static const std::string process_name = "loolkit";
if (prctl(PR_SET_NAME, reinterpret_cast<unsigned long>(process_name.c_str()), 0, 0, 0) != 0)
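Review bot: On the added `static const std::string jailId = std::to_string(Process::id());` line, the jail path becomes predictable from the PID, and the new comment does not record the mitigation the commit message proposes (a randomized doc directory, `/chroot/<pid>/user/docs/<rand>/`). Suggest adding a TODO to the comment that names that follow-up, so the loss of the random ID from `Util::rng::getNext()` is tracked in the code and not only in the commit log. Because PIDs are reused by the kernel, it is also worth confirming that a jail directory left behind by an earlier child with the same PID is removed or rejected before this one is used; nothing in this hunk checks for that.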