On Led. 20, 2015, 8:48 odp., Miloslav Trmac wrote:
> src/rolekit/async.py, line 301
>
<
http://reviewboard-fedoraserver.rhcloud.com/r/131/diff/1/?file=524#file52...
>
> One way to fix: move this check inside set_ids(), and then call Popen(…
preexec_fn=set_ids)
>
> Another way, more similar to the current code:
> > if (user_uid is not None or user_gid is not None): # minimal cleanup
related to 0/none and being paranoid
> > preexec_fn = set_ids
> > else:
> > preexec_fn = None
> …
> and then call Popen(…, preexec_fn=preexec_fn)
> (change names as you like)
Oops, let me try to fix the line wraps:
if (user_uid is not None or user_gid is not None): # minimal cleanup related to 0/none
and being paranoid
preexec_fn = set_ids
else:
preexec_fn = None
… and then call Popen(…, preexec_fn=preexec_fn) (change names as you like)
On Led. 20, 2015, 8:48 odp., Miloslav Trmac wrote:
> src/rolekit/async.py, line 294
>
<
http://reviewboard-fedoraserver.rhcloud.com/r/131/diff/1/?file=524#file52...
>
> AFAICS _calling_ the demote() function is superfluous and, to me, confusing; we
only need to pass the set_ids callable.
Stephen Gallagher wrote:
I actually looked up how to do this in several places and all the examples I could
find insisted that it had to be done this way or else the calling application would also
be affected by the permission drop. I'm choosing to trust them.
Testing disagrees:
>> import os, subprocess
>> def set_ids(): os.setregid(1,1); os.setreuid(1,1)
...
>> p = subprocess.Popen(['/bin/id', '-a'],
preexec_fn = set_ids)
uid=1(bin) gid=1(bin) skupiny=1(bin),0(root)
kontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
>> print os.geteuid()
0
>> print os.getuid()
0
>> print os.getegid()
0
>> print os.getgid()
0
>>
(and this also shows that supplementary groups need to be dropped. Will raise both
separately in the new patch.)
On Led. 20, 2015, 8:48 odp., Miloslav Trmac wrote:
> src/rolekit/async.py, lines 298-299
>
<
http://reviewboard-fedoraserver.rhcloud.com/r/131/diff/1/?file=524#file52...
>
> setre[ug]id() to make it explicit that both are changed?
Stephen Gallagher wrote:
Seems excessive, but ok, sure.
Specifically setRE[ug]id would be better because set[ug]id also affects the e[ug]id in
not-quite-intuitive ways (and in platform-dependent ways, which does not matter for Linux
but makes readability worse). os.setreuid and os.setregid are available.
- Miloslav
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
http://reviewboard-fedoraserver.rhcloud.com/r/131/#review364
-----------------------------------------------------------
On Led. 21, 2015, 4:49 odp., Stephen Gallagher wrote:
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
http://reviewboard-fedoraserver.rhcloud.com/r/131/
-----------------------------------------------------------
(Updated Led. 21, 2015, 4:49 odp.)
Review request for RoleKit Mailing List, Miloslav Trmac, Stephen Gallagher, and Thomas
Woerner.
Repository: rolekit
Description
-------
Allow impersonating a different UID/GID in subprocesses
Diffs
-----
src/rolekit/async.py 0f9ddaac1beb27cebdf41ca0383a62a807c4fcb6
Diff:
http://reviewboard-fedoraserver.rhcloud.com/r/131/diff/
Testing
-------
Thanks,
Stephen Gallagher