serverengine 2.0.7 → 2.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. checksums.yaml +5 -5
  2. data/.travis.yml +4 -3
  3. data/Changelog +4 -0
  4. data/lib/serverengine/process_manager.rb +2 -0
  5. data/lib/serverengine/socket_manager.rb +15 -2
  6. data/lib/serverengine/socket_manager_unix.rb +14 -2
  7. data/lib/serverengine/version.rb +1 -1
  8. metadata +3 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
- SHA256:
3
- metadata.gz: 849803d15dfe8e2b3e551b2849d8eb3d02deeffa271d4fa5f890ac4fb8db9a64
4
- data.tar.gz: 703964e48ed203464b7d98eeaee0a161c88c4fc9597c2c1028e4cc3860b52476
2
+ SHA1:
3
+ metadata.gz: 0fc6a5674589bf35670db4884c9d5b24ebc7c3ad
4
+ data.tar.gz: 2d90ee7be95869d687149d954d230462da3571c9
5
5
  SHA512:
6
- metadata.gz: 7b372a236fbb4861d6a1143c35a17466483d5e43730e6e6ce3a6dbe9c8a85cd560fbf7cb8a73e84edf7f0a56cecf9a1ec0e596cceed552c174d61d83765f2d49
7
- data.tar.gz: '092f8d447cab9895701e566fe5185f6043ca483ff2cc905c57ae653f5551b80f6b080b9f0b51fb1fc42b8466eae463a5809e0941a27e770323479cf99e5e1f92'
6
+ metadata.gz: fa77bfaee529a011584d2ca8791a65e99193b4e5d21ce1ccdb326aea1fdea6016d32e6ec481ebe1f2bc395cdec8fccfe592578327dffdec73a90a60308f29082
7
+ data.tar.gz: e3414b8d50c72c6c4a4eb82fafdfb4d2e9b3192c3390405b91b22db0b2929eba216a0544f1f377d80deafcd8fbae37bb01c7ea1d1c9f77e0597b92b54f196df2
data/.travis.yml CHANGED
@@ -2,9 +2,10 @@ language: ruby
2
2
 
3
3
  rvm:
4
4
  - 2.1.10
5
- - 2.2.6
6
- - 2.3.3
7
- - 2.4.0
5
+ - 2.2.9
6
+ - 2.3.8
7
+ - 2.4.5
8
+ - 2.5.3
8
9
  - ruby-head
9
10
 
10
11
  branches:
data/Changelog CHANGED
@@ -1,3 +1,7 @@
1
+ 2018-11-14 version 2.1.0:
2
+
3
+ * Improve socket manager security
4
+
1
5
  2018-07-09 version 2.0.7:
2
6
 
3
7
  * Add disable_sigdump option
data/lib/serverengine/process_manager.rb CHANGED
@@ -16,6 +16,7 @@
16
16
  # limitations under the License.
17
17
  #
18
18
  require 'fcntl'
19
+ require 'serverengine/socket_manager'
19
20
 
20
21
  module ServerEngine
21
22
 
@@ -185,6 +186,7 @@ module ServerEngine
185
186
  @command_sender_pipe.binmode
186
187
  options[:in] = inpipe
187
188
  end
189
+ env['SERVERENGINE_SOCKETMANAGER_INTERNAL_TOKEN'] = SocketManager::INTERNAL_TOKEN
188
190
  pid = Process.spawn(env, *args, options)
189
191
  if @command_sender == "pipe"
190
192
  inpipe.close
data/lib/serverengine/socket_manager.rb CHANGED
@@ -18,9 +18,18 @@
18
18
  require 'socket'
19
19
  require 'ipaddr'
20
20
  require 'time'
21
+ require 'securerandom'
22
+ require 'json'
23
+ require 'base64'
21
24
 
22
25
  module ServerEngine
23
26
  module SocketManager
27
+ # This token is used for communication between peers. If token is mismatched, messages will be discarded
28
+ INTERNAL_TOKEN = if ENV.has_key?('SERVERENGINE_SOCKETMANAGER_INTERNAL_TOKEN')
29
+ ENV['SERVERENGINE_SOCKETMANAGER_INTERNAL_TOKEN']
30
+ else
31
+ SecureRandom.hex
32
+ end
24
33
 
25
34
  class Client
26
35
  def initialize(path)
@@ -154,7 +163,8 @@ module ServerEngine
154
163
  end
155
164
 
156
165
  def self.send_peer(peer, obj)
157
- data = Marshal.dump(obj)
166
+ data = [SocketManager::INTERNAL_TOKEN, Base64.strict_encode64(Marshal.dump(obj))]
167
+ data = JSON.generate(data)
158
168
  peer.write [data.bytesize].pack('N')
159
169
  peer.write data
160
170
  end
@@ -165,7 +175,10 @@ module ServerEngine
165
175
 
166
176
  len = res.unpack('N').first
167
177
  data = peer.read(len)
168
- Marshal.load(data)
178
+ data = JSON.parse(data)
179
+ return nil if SocketManager::INTERNAL_TOKEN != data.first
180
+
181
+ Marshal.load(Base64.strict_decode64(data.last))
169
182
  end
170
183
 
171
184
  if ServerEngine.windows?
data/lib/serverengine/socket_manager_unix.rb CHANGED
@@ -70,7 +70,12 @@ module ServerEngine
70
70
  # when client changed working directory
71
71
  path = File.expand_path(path)
72
72
 
73
- @server = UNIXServer.new(path)
73
+ begin
74
+ old_umask = File.umask(0077) # Protect unix socket from other users
75
+ @server = UNIXServer.new(path)
76
+ ensure
77
+ File.umask(old_umask)
78
+ end
74
79
 
75
80
  @thread = Thread.new do
76
81
  begin
@@ -96,7 +101,14 @@ module ServerEngine
96
101
  end
97
102
 
98
103
  def send_socket(peer, pid, method, bind, port)
99
- sock = send(method, bind, port) # calls listen_tcp or listen_udp
104
+ sock = case method
105
+ when :listen_tcp
106
+ listen_tcp(bind, port)
107
+ when :listen_udp
108
+ listen_udp(bind, port)
109
+ else
110
+ raise ArgumentError, "Unknown method: #{method.inspect}"
111
+ end
100
112
 
101
113
  SocketManager.send_peer(peer, nil)
102
114
 
data/lib/serverengine/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module ServerEngine
2
- VERSION = "2.0.7"
2
+ VERSION = "2.1.0"
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: serverengine
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.0.7
4
+ version: 2.1.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Sadayuki Furuhashi
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-07-10 00:00:00.000000000 Z
11
+ date: 2018-11-15 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: sigdump
@@ -154,7 +154,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
154
154
  version: '0'
155
155
  requirements: []
156
156
  rubyforge_project:
157
- rubygems_version: 2.7.6
157
+ rubygems_version: 2.6.14.1
158
158
  signing_key:
159
159
  specification_version: 4
160
160
  summary: ServerEngine - multiprocess server framework