-rw-r--r-- | doc/protocol.txt | 2 | ||||
-rw-r--r-- | memcached.c | 13 | ||||
-rwxr-xr-x | t/misbehave.t | 2 |
3 files changed, 14 insertions, 3 deletions
diff --git a/doc/protocol.txt b/doc/protocol.txt
index 9c8e8bc..0984594 100644
--- a/doc/protocol.txt
+++ b/doc/protocol.txt
@@ -849,6 +849,8 @@ other stats command.
 | | bool | If yes, stores numbers from VALUE response |
 | | | inside an item, using up to 24 bytes. |
 | | | Small slowdown for ASCII get, faster sets. |
+| drop_privileges | bool | If yes, and available, drop unused syscalls |
+| | | (see seccomp on Linux, pledge on OpenBSD) |
 |-------------------+----------+----------------------------------------------|
diff --git a/memcached.c b/memcached.c
index 2f8f89c..e42dd77 100644
--- a/memcached.c
+++ b/memcached.c
@@ -271,7 +271,7 @@ static void settings_init(void) {
 settings.crawls_persleep = 1000;
 settings.logger_watcher_buf_size = LOGGER_WATCHER_BUF_SIZE;
 settings.logger_buf_size = LOGGER_BUF_SIZE;
- settings.drop_privileges = true;
+ settings.drop_privileges = false;
 #ifdef MEMCACHED_DEBUG
 settings.relaxed_privileges = false;
 #endif
@@ -3239,6 +3239,9 @@ static void process_stat_settings(ADD_STAT add_stats, void *c) {
 APPEND_STAT("worker_logbuf_size", "%u", settings.logger_buf_size);
 APPEND_STAT("track_sizes", "%s", item_stats_sizes_status() ? "yes" : "no");
 APPEND_STAT("inline_ascii_response", "%s", settings.inline_ascii_response ? "yes" : "no");
+#ifdef HAVE_DROP_PRIVILEGES
+ APPEND_STAT("drop_privileges", "%s", settings.drop_privileges ? "yes" : "no");
+#endif
 #ifdef EXTSTORE
 APPEND_STAT("ext_item_size", "%u", settings.ext_item_size);
 APPEND_STAT("ext_item_age", "%u", settings.ext_item_age);
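Review bot: The new `settings.drop_privileges = false;` in settings_init makes the seccomp/pledge filter opt-in, but nothing in the code says so. A deployment that relied on the old default loses its syscall filter on upgrade without any message. I would add a comment at the assignment, for example `/* syscall filter is opt-in: enable with -o drop_privileges */`. It may also be worth a verbose-mode startup line when HAVE_DROP_PRIVILEGES is compiled in but the option is off. settings_init begins and continues outside the hunk.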
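Review bot: The `drop_privileges` stat added in process_stat_settings prints the configured flag, not whether the filter was actually installed, and the `#ifdef HAVE_DROP_PRIVILEGES` guard omits the key entirely on builds without support. Monitoring that checks hardening through `stats settings` therefore has to treat a missing key as "not sandboxed". A "yes" also depends on how the privilege-drop call handles failure, which is not visible in this hunk. A short comment above the line would record this: `/* configured value only; key is absent when built without seccomp/pledge support */`.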
@@ -6230,7 +6233,8 @@ static void usage(void) {
 " currently: nothing\n"
 " - no_modern: uses defaults of previous major version (1.4.x)\n"
 #ifdef HAVE_DROP_PRIVILEGES
- " - no_drop_privileges: Disable drop_privileges in case it causes issues with\n"
+ " - drop_privileges: enable dropping extra syscall privileges\n"
+ " - no_drop_privileges: disable drop_privileges in case it causes issues with\n"
 " some customisation.\n"
 #ifdef MEMCACHED_DEBUG
 " - relaxed_privileges: Running tests requires extra privileges.\n"
@@ -6581,6 +6585,7 @@ int main (int argc, char **argv) {
 NO_LRU_CRAWLER,
 NO_LRU_MAINTAINER,
 NO_DROP_PRIVILEGES,
+ DROP_PRIVILEGES,
 #ifdef MEMCACHED_DEBUG
 RELAXED_PRIVILEGES,
 #endif
@@ -6638,6 +6643,7 @@ int main (int argc, char **argv) {
 [NO_LRU_CRAWLER] = "no_lru_crawler",
 [NO_LRU_MAINTAINER] = "no_lru_maintainer",
 [NO_DROP_PRIVILEGES] = "no_drop_privileges",
+ [DROP_PRIVILEGES] = "drop_privileges",
 #ifdef MEMCACHED_DEBUG
 [RELAXED_PRIVILEGES] = "relaxed_privileges",
 #endif
@@ -7357,6 +7363,9 @@ int main (int argc, char **argv) {
 case NO_DROP_PRIVILEGES:
 settings.drop_privileges = false;
 break;
+ case DROP_PRIVILEGES:
+ settings.drop_privileges = true;
+ break;
 #ifdef MEMCACHED_DEBUG
 case RELAXED_PRIVILEGES:
 settings.relaxed_privileges = true;
diff --git a/t/misbehave.t b/t/misbehave.t
index a69a8a6..13cb7f3 100755
--- a/t/misbehave.t
+++ b/t/misbehave.t
@@ -14,7 +14,7 @@ if (supports_drop_priv()) {
 exit 0;
 }
-my $server = new_memcached();
+my $server = new_memcached('-o drop_privileges');
 my $sock = $server->sock;
 print $sock "misbehave\r\n"; |
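Review bot: The two help lines in usage() do not say which state is the default. After this commit the `no_drop_privileges` entry describes what already happens when no option is given, so an operator reading the help cannot tell that the syscall filter must be requested. I would state it in the new line: `" - drop_privileges: enable dropping extra syscall privileges (default: disabled)\n"`. The help string list starts and continues outside the hunk.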