serverengine 2.0.7 → 2.1.0

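--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
- SHA256:
- metadata.gz: 849803d15dfe8e2b3e551b2849d8eb3d02deeffa271d4fa5f890ac4fb8db9a64
- data.tar.gz: 703964e48ed203464b7d98eeaee0a161c88c4fc9597c2c1028e4cc3860b52476
+ SHA1:
+ metadata.gz: 0fc6a5674589bf35670db4884c9d5b24ebc7c3ad
+ data.tar.gz: 2d90ee7be95869d687149d954d230462da3571c9
  SHA512:
- metadata.gz: 7b372a236fbb4861d6a1143c35a17466483d5e43730e6e6ce3a6dbe9c8a85cd560fbf7cb8a73e84edf7f0a56cecf9a1ec0e596cceed552c174d61d83765f2d49
- data.tar.gz: '092f8d447cab9895701e566fe5185f6043ca483ff2cc905c57ae653f5551b80f6b080b9f0b51fb1fc42b8466eae463a5809e0941a27e770323479cf99e5e1f92'
+ metadata.gz: fa77bfaee529a011584d2ca8791a65e99193b4e5d21ce1ccdb326aea1fdea6016d32e6ec481ebe1f2bc395cdec8fccfe592578327dffdec73a90a60308f29082
+ data.tar.gz: e3414b8d50c72c6c4a4eb82fafdfb4d2e9b3192c3390405b91b22db0b2929eba216a0544f1f377d80deafcd8fbae37bb01c7ea1d1c9f77e0597b92b54f196df2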
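--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -2,9 +2,10 @@ language: ruby
 
  rvm:
  - 2.1.10
- - 2.2.6
- - 2.3.3
- - 2.4.0
+ - 2.2.9
+ - 2.3.8
+ - 2.4.5
+ - 2.5.3
  - ruby-head
 
  branches: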
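--- a/data/Changelog
+++ b/data/Changelog
@@ -1,3 +1,7 @@
+ 2018-11-14 version 2.1.0:
+
+ * Improve socket manager security
+
  2018-07-09 version 2.0.7:
 
  * Add disable_sigdump option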
@@ -16,6 +16,7 @@
16
16
  # limitations under the License.
17
17
  #
18
18
  require 'fcntl'
19
+ require 'serverengine/socket_manager'
19
20
 
20
21
  module ServerEngine
21
22
 
@@ -185,6 +186,7 @@ module ServerEngine
185
186
  @command_sender_pipe.binmode
186
187
  options[:in] = inpipe
187
188
  end
189
+ env['SERVERENGINE_SOCKETMANAGER_INTERNAL_TOKEN'] = SocketManager::INTERNAL_TOKEN
188
190
  pid = Process.spawn(env, *args, options)
189
191
  if @command_sender == "pipe"
190
192
  inpipe.close
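Review bot: The added line `env['SERVERENGINE_SOCKETMANAGER_INTERNAL_TOKEN'] = SocketManager::INTERNAL_TOKEN` exports the shared secret into the worker's environment without saying how long it lives there, so it stays in the child's ENV and is inherited by every process the worker later spawns. I would add a comment above it, for example `# Secret shared with the worker's SocketManager; passed via env, so all descendant processes inherit it`. The socket manager appears to read the variable once into a constant at load time, so it is worth confirming whether the worker can delete it from ENV afterwards. The enclosing method starts and ends outside this hunk.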
@@ -18,9 +18,18 @@
18
18
  require 'socket'
19
19
  require 'ipaddr'
20
20
  require 'time'
21
+ require 'securerandom'
22
+ require 'json'
23
+ require 'base64'
21
24
 
22
25
  module ServerEngine
23
26
  module SocketManager
27
+ # This token is used for communication between peers. If token is mismatched, messages will be discarded
28
+ INTERNAL_TOKEN = if ENV.has_key?('SERVERENGINE_SOCKETMANAGER_INTERNAL_TOKEN')
29
+ ENV['SERVERENGINE_SOCKETMANAGER_INTERNAL_TOKEN']
30
+ else
31
+ SecureRandom.hex
32
+ end
24
33
 
25
34
  class Client
26
35
  def initialize(path)
@@ -154,7 +163,8 @@ module ServerEngine
154
163
  end
155
164
 
156
165
  def self.send_peer(peer, obj)
157
- data = Marshal.dump(obj)
166
+ data = [SocketManager::INTERNAL_TOKEN, Base64.strict_encode64(Marshal.dump(obj))]
167
+ data = JSON.generate(data)
158
168
  peer.write [data.bytesize].pack('N')
159
169
  peer.write data
160
170
  end
@@ -165,7 +175,10 @@ module ServerEngine
165
175
 
166
176
  len = res.unpack('N').first
167
177
  data = peer.read(len)
168
- Marshal.load(data)
178
+ data = JSON.parse(data)
179
+ return nil if SocketManager::INTERNAL_TOKEN != data.first
180
+
181
+ Marshal.load(Base64.strict_decode64(data.last))
169
182
  end
170
183
 
171
184
  if ServerEngine.windows?
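Review bot: In recv_peer, `return nil if SocketManager::INTERNAL_TOKEN != data.first` makes a rejected message indistinguishable from a legitimate `nil` payload. The UNIX server's send_socket sends exactly that with `SocketManager.send_peer(peer, nil)`, so a caller cannot tell a discarded message from an acknowledgement. Since this comparison is the only gate in front of `Marshal.load`, I would also check the parsed shape before using it, `return nil unless data.is_a?(Array) && data.size == 2`, so that anything unexpected is dropped deliberately rather than by an incidental exception. If the callers (not visible here) can handle it, signalling the mismatch distinctly, for example `raise ArgumentError, 'socket manager token mismatch'`, would remove the ambiguity. recv_peer begins above the hunk.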
@@ -70,7 +70,12 @@ module ServerEngine
70
70
  # when client changed working directory
71
71
  path = File.expand_path(path)
72
72
 
73
- @server = UNIXServer.new(path)
73
+ begin
74
+ old_umask = File.umask(0077) # Protect unix socket from other users
75
+ @server = UNIXServer.new(path)
76
+ ensure
77
+ File.umask(old_umask)
78
+ end
74
79
 
75
80
  @thread = Thread.new do
76
81
  begin
@@ -96,7 +101,14 @@ module ServerEngine
96
101
  end
97
102
 
98
103
  def send_socket(peer, pid, method, bind, port)
99
- sock = send(method, bind, port) # calls listen_tcp or listen_udp
104
+ sock = case method
105
+ when :listen_tcp
106
+ listen_tcp(bind, port)
107
+ when :listen_udp
108
+ listen_udp(bind, port)
109
+ else
110
+ raise ArgumentError, "Unknown method: #{method.inspect}"
111
+ end
100
112
 
101
113
  SocketManager.send_peer(peer, nil)
102
114
 
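Review bot: `File.umask(0077)` changes the umask of the whole process, not just this thread, so a file created by another thread between the two `File.umask` calls also ends up owner-only; the existing comment explains the intent but not this side effect. I would extend it to `# Protect unix socket from other users; umask is process-wide, so keep this window as short as possible`. In addition, `old_umask` is assigned inside the `begin`, so if that first call ever raised, the `ensure` would run `File.umask(nil)`; moving `old_umask = File.umask(0077)` to the line before `begin` avoids that. The enclosing method starts and ends outside the hunk.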
@@ -1,3 +1,3 @@
1
1
  module ServerEngine
2
- VERSION = "2.0.7"
2
+ VERSION = "2.1.0"
3
3
  end
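--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: serverengine
  version: !ruby/object:Gem::Version
- version: 2.0.7
+ version: 2.1.0
  platform: ruby
  authors:
  - Sadayuki Furuhashi
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2018-07-10 00:00:00.000000000 Z
+ date: 2018-11-15 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: sigdump
@@ -154,7 +154,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.7.6
+ rubygems_version: 2.6.14.1
  signing_key:
  specification_version: 4
  summary: ServerEngine - multiprocess server framework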