kore

An easy to use, scalable and secure web application framework for writing web APIs in C.
Commits | Files | Refs | README | LICENSE | git clone https://git.kore.io/kore.git

commit b0ff041709a69247a8a01bf28098b39625269c99
parent 5f1238c2dc3d1ff8559c32fa5280779b8423df55
Author: Joris Vink <joris@coders.se>
Date:   Thu,  9 Apr 2015 10:06:18 +0200

call setrlimit() before we drop privs.

Diffstat:
src/worker.c | 14+++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/worker.c b/src/worker.c @@ -197,6 +197,13 @@ kore_worker_entry(struct kore_worker *kw) fatal("cannot chdir(): %s", errno_s); } + rl.rlim_cur = worker_rlimit_nofiles; + rl.rlim_max = worker_rlimit_nofiles; + if (setrlimit(RLIMIT_NOFILE, &rl) == -1) { + kore_log(LOG_ERR, "setrlimit(RLIMIT_NOFILE, %d): %s", + worker_rlimit_nofiles, errno_s); + } + if (getuid() != pw->pw_uid) { if (setgroups(1, &pw->pw_gid) || #ifdef __MACH__ @@ -209,13 +216,6 @@ kore_worker_entry(struct kore_worker *kw) fatal("unable to drop privileges"); } - rl.rlim_cur = worker_rlimit_nofiles; - rl.rlim_max = worker_rlimit_nofiles; - if (setrlimit(RLIMIT_NOFILE, &rl) == -1) { - kore_log(LOG_ERR, "setrlimit(RLIMIT_NOFILE, %d): %s", - worker_rlimit_nofiles, errno_s); - } - (void)snprintf(buf, sizeof(buf), "kore [wrk %d]", kw->id); kore_platform_proctitle(buf); kore_platform_worker_setcpu(kw);