
moray-sandbox


moray-sandbox - npm Package Compare versions

Comparing version 0.2.1 to 0.2.2

3

lib/run.js

@@ -8,3 +8,3 @@ /*

/*
* Copyright 2016, Joyent, Inc.
* Copyright 2020 Joyent, Inc.
*/

@@ -82,2 +82,3 @@

'funcs': [
function (_, cb) { sandbox._getUserId(cb); },
function (_, cb) { sandbox._initDB(cb); },

@@ -84,0 +85,0 @@ function (_, cb) { sandbox._startPG(cb); }

@@ -8,3 +8,3 @@ /*

/*
* Copyright (c) 2018 Joyent, Inc.
* Copyright 2020 Joyent, Inc.
*/

@@ -31,2 +31,4 @@

var mod_moray_server = require('moray-server');
var mod_os = require('os');
var mod_uid_number = require('uid-number');
var mod_util = require('util');

@@ -59,2 +61,3 @@ var mod_vasync = require('vasync');

var POSTGRES = 'postgres';

@@ -102,2 +105,7 @@ // --- Internal

this.servers = {};
// set to 'root' by default, we'll override these in getUserId later
this.uid = 0;
this.gid = 0;
this.user = null;
this.useSu = false;

@@ -107,7 +115,70 @@ Object.seal(this);

function _chownDbDirs(self) {
assert.string(self.baseDir, 'self.baseDir');
assert.string(self.unixDir, 'self.unixDir');
assert.string(self.dbDir, 'self.dbDir');
assert.number(self.uid, 'self.uid');
assert.number(self.gid, 'self.gid');
// Make and chown all directories we need.
[self.baseDir, self.unixDir, self.dbDir].forEach(function mkdir(path) {
if (!mod_fs.existsSync(path)) {
mod_fs.mkdirSync(path);
}
mod_fs.chownSync(path, self.uid, self.gid);
});
}
MoraySandbox.prototype._getUserId = function getUserId(callback) {
var self = this;
var userInfo = mod_os.userInfo();
// if we're already running as non-root, there's no more work to do.
if (userInfo.uid !== 0) {
self.uid = userInfo.uid;
self.gid = userInfo.gid;
self.user = userInfo.username;
// Moray's config schema won't allow us to add a user to the pg connect
// config when running standalone, so just set this in the environment
// instead.
process.env.PGUSER = self.user;
self.log.info('Already running as non-root, using uid ' + self.uid);
_chownDbDirs(self);
callback();
return;
}
// lookup an unprivileged user, save its uid/gid, chown our basedir
mod_uid_number(POSTGRES, function getUid(err, uid, gid) {
if (err !== null) {
callback(err);
return;
}
self.uid = uid;
self.gid = gid;
self.user = POSTGRES;
process.env.PGUSER = self.user;
self.useSu = true;
self.log.info(
'We are root, so using ' + POSTGRES + ' uid ' + self.uid);
_chownDbDirs(self);
callback();
});
};
MoraySandbox.prototype._initDB = function initDB(callback) {
var self = this;
var args = [ 'initdb', '-D', self.dbDir, '-E', 'UNICODE', '-A', 'trust' ];
self.log.info({ cmd: 'initdb', argv: args }, 'Executing command');
var args = [];
var initdb = ['initdb', '-D', self.dbDir, '-E', 'UNICODE', '-A', 'trust'];
if (self.useSu) {
// passing the uid/gid to forkExecWait isn't sufficient for initdb,
// so use the bigger hammer of su to run as a non-root user.
args = ['/usr/bin/su', self.user, '-c', initdb.join(' ')];
} else {
args = initdb;
}
self.log.info({
cmd: args[0],
argv: args,
uid: self.uid,
gid: self.gid
}, 'Executing command');
mod_forkexec.forkExecWait({ argv: args }, function (err, info) {

@@ -128,12 +199,3 @@ self.log.info(info, 'Finished initdb');

}
mod_fs.mkdir(self.unixDir, function (mErr) {
if (mErr) {
callback(new VError(mErr,
'Failed to create directory for Unix sockets'));
return;
}
callback();
});
callback();
});

@@ -146,6 +208,14 @@ });

var self = this;
var args = [ 'postgres', '-D', self.dbDir, '-k', self.unixDir ];
self.log.info({ cmd: 'postgres', argv: args }, 'Executing command');
// postgres will do the right thing, no need to use su here
var args = [ 'postgres', '-D', self.dbDir, '-k', self.unixDir];
self.log.info({
cmd: args[0],
argv: args,
uid: self.uid,
gid: self.gid
}, 'Executing command');
self.pg_child = mod_forkexec.forkExecWait({
argv: args,
uid: self.uid,
gid: self.gid,
maxBuffer: 1024 * 500

@@ -167,6 +237,12 @@ }, function (err, info) {

var attempt = 1;
// postgres will do the right thing, no need to use su here
var args = [ 'createdb', '-E', 'UNICODE', '-h', self.unixDir, req_id ];
function retry() {
self.log.info({ cmd: 'createdb', argv: args }, 'Executing command');
mod_forkexec.forkExecWait({ argv: args },
self.log.info({
cmd: args[0],
argv: args,
uid: self.uid,
gid: self.gid,
}, 'Executing command');
mod_forkexec.forkExecWait({ argv: args, uid: self.uid, gid: self.gid },
function (err, info) {

@@ -185,2 +261,4 @@ if (err) {

}
} else {
self.log.info('Created moray database');
}

@@ -187,0 +265,0 @@ callback(err, self.unixDir + ' ' + req_id);
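Review bot: In `_initDB`, the `useSu` branch builds the string handed to `/usr/bin/su ... -c` with `initdb.join(' ')`, so `self.dbDir` is re-parsed by a shell while the process is root, and a directory name containing spaces or shell metacharacters would change what runs (the function's tail lies outside the hunk). Quote each argument before joining, e.g. `initdb.map(function (a) { return "'" + a.replace(/'/g, "'\\''") + "'"; }).join(' ')`, or reject any `dbDir` that does not match a strict path pattern. Separately, `mod_uid_number(POSTGRES, ...)` in `_getUserId` passes no group; if uid-number defaults an omitted gid to the current process's gid (worth confirming), the directories are chowned to root's group and `postgres`/`createdb` run with it, so passing `POSTGRES` as the group too would be safer. `_chownDbDirs` also calls `mkdirSync`/`chownSync` from inside that async callback, so a failure throws instead of reaching `callback(err)` the way the apparently removed `mod_fs.mkdir` handler did.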

@@ -5,4 +5,6 @@ {

"main": "./lib/index.js",
"version": "0.2.1",
"keywords": [ "moray" ],
"version": "0.2.2",
"keywords": [
"moray"
],
"repository": {

@@ -19,2 +21,3 @@ "type": "git",

"moray-server": "git+https://github.com/joyent/moray.git#74bc4d62",
"uid-number": "0.0.6",
"uuid": "3.0.0",

@@ -21,0 +24,0 @@ "vasync": "1.6.4",
