[bug#67175] [PATCH 4/9] least-authority: Add support for changing UIDs/GIDs before exec.

From: Ludovic Courtès
Subject: [bug#67175] [PATCH 4/9] least-authority: Add support for changing UIDs/GIDs before exec.
Date: Thu, 21 Dec 2023 23:13:06 +0100
User-agent: Gnus/5.13 (Gnus v5.13)
Hi!
Maxim Cournoyer <maxim.cournoyer@gmail.com> skribis:
> Ludovic Courtès <ludo@gnu.org> writes:
>
>> * guix/least-authority.scm (least-authority-wrapper): Add #:user
>> and #:group.
>> [code]: Add calls to ‘setgid’ and ‘setuid’ when appropriate.
>>
>> Change-Id: I2aad8e5686b42b5c92fc306b114c5c60cb8bc551
>
> This should mention it fixes bug #67175 :-).
Noted!
>> (define* (least-authority-wrapper program
>> #:key (name "pola-wrapper")
>> + (user #f)
>> + (group #f)
>> (guest-uid 1000)
>> (guest-gid 1000)
>> (mappings '())
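Review bot: #:user and #:group each default to #f independently, so the procedure can be called with only one of them supplied; please state what happens in that case (whether only the GID or only the UID is changed, or whether it is rejected), ideally by raising an error when exactly one is given rather than silently doing half of the switch.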
>> @@ -55,7 +57,11 @@ (define* (least-authority-wrapper program
>> <file-system-mapping> records indicating directories mirrored inside the
>> execution environment of PROGRAM. DIRECTORY is the working directory of the
>> wrapped process. Each environment listed in PRESERVED-ENVIRONMENT-VARIABLES
>> -is preserved; other environment variables are erased."
>> +is preserved; other environment variables are erased.
>> +
>> +When USER and GROUP are set and NAMESPACES does not include 'user, change
>> UIDs
>> +and GIDs to these prior to executing PROGRAM. This usually requires that
>> the
>> +resulting wrapper be executed as root so it can call setgid(2) and
>> setuid(2)."
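Review bot: the docstring covers the case where NAMESPACES does not include 'user, but not the complementary one; please also say what happens when USER and GROUP are given and NAMESPACES does include 'user (e.g. "USER and GROUP are ignored when NAMESPACES includes 'user", if that is the behaviour), so callers are not surprised by the IDs being left unchanged.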
>
> About "usually"; in which case could a program call setgid and
> setuid without being root?
On Linux, a non-root process can have ‘CAP_SETGID’ and/or ‘CAP_SETUID’
and successfully call these.
So checking whether the UID is zero would not be accurate (tricky
semantics). I think it’s safer to let it fail and display the actual
error.
Thanks,
Ludo’.