Consolidate determination of UID/GID to run as
Currently the logic to work out what UID and GID we will run as is spread across conf(). If --runas is specified it's handled in conf_runas(), otherwise it's handled by check_root(), which depends on initialization of the uid and gid variables by either conf() itself or conf_runas(). Make this clearer by putting all the UID and GID logic into a single conf_ugid() function. Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
This commit is contained in:

committed by
Stefano Brivio

parent
10c6347747
commit
80d7012b09
50
util.c
50
util.c
@@ -482,56 +482,6 @@ void drop_caps(void)
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* check_root() - Check if root in init ns, exit if we can't drop to user
|
||||
*/
|
||||
void check_root(uid_t *uid, gid_t *gid)
|
||||
{
|
||||
const char root_uid_map[] = " 0 0 4294967295";
|
||||
struct passwd *pw;
|
||||
char buf[BUFSIZ];
|
||||
int fd;
|
||||
|
||||
if (!*uid)
|
||||
*uid = geteuid();
|
||||
|
||||
if (!*gid)
|
||||
*gid = getegid();
|
||||
|
||||
if (*uid)
|
||||
return;
|
||||
|
||||
if ((fd = open("/proc/self/uid_map", O_RDONLY | O_CLOEXEC)) < 0)
|
||||
return;
|
||||
|
||||
if (read(fd, buf, BUFSIZ) != sizeof(root_uid_map) ||
|
||||
strncmp(buf, root_uid_map, sizeof(root_uid_map) - 1)) {
|
||||
close(fd);
|
||||
return;
|
||||
}
|
||||
|
||||
close(fd);
|
||||
|
||||
if (!*uid) {
|
||||
fprintf(stderr, "Don't run as root. Changing to nobody...\n");
|
||||
#ifndef GLIBC_NO_STATIC_NSS
|
||||
pw = getpwnam("nobody");
|
||||
if (!pw) {
|
||||
perror("getpwnam");
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
*uid = pw->pw_uid;
|
||||
*gid = pw->pw_gid;
|
||||
#else
|
||||
(void)pw;
|
||||
|
||||
/* Common value for 'nobody', not really specified */
|
||||
*uid = *gid = 65534;
|
||||
#endif
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* drop_root() - Switch to given UID and GID
|
||||
* @uid: User ID to switch to
|
||||
|
Reference in New Issue
Block a user