This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.
laforge gerrit-no-reply at lists.osmocom.orglaforge has uploaded this change for review. ( https://gerrit.osmocom.org/c/libosmocore/+/17852 )
Change subject: exec: Introduce osmo_system_nowait2() to allow specify a user
......................................................................
exec: Introduce osmo_system_nowait2() to allow specify a user
For a process running as root, it may be desirable to drop privileges
down to a normal user before executing an external command. Let's
add a new API function for that.
Change-Id: If1431f930f72a8d6c1d102426874a11b7a2debd9
---
M include/osmocom/core/exec.h
M src/exec.c
2 files changed, 28 insertions(+), 1 deletion(-)
git pull ssh://gerrit.osmocom.org:29418/libosmocore refs/changes/52/17852/1
diff --git a/include/osmocom/core/exec.h b/include/osmocom/core/exec.h
index 6bbd352..e63ec11 100644
--- a/include/osmocom/core/exec.h
+++ b/include/osmocom/core/exec.h
@@ -25,4 +25,5 @@
int osmo_environment_filter(char **out, size_t out_len, char **in, const char **whitelist);
int osmo_environment_append(char **out, size_t out_len, char **in);
int osmo_close_all_fds_above(int last_fd_to_keep);
+int osmo_system_nowait2(const char *command, const char **env_whitelist, char **addl_env, const char *user);
int osmo_system_nowait(const char *command, const char **env_whitelist, char **addl_env);
diff --git a/src/exec.c b/src/exec.c
index 62f5919..dfe019b 100644
--- a/src/exec.c
+++ b/src/exec.c
@@ -23,6 +23,7 @@
#include "config.h"
#ifndef EMBEDDED
+#define _GNU_SOURCE
#include <unistd.h>
#include <errno.h>
@@ -31,6 +32,7 @@
#include <stdio.h>
#include <dirent.h>
#include <sys/types.h>
+#include <pwd.h>
#include <osmocom/core/logging.h>
#include <osmocom/core/utils.h>
@@ -203,12 +205,20 @@
* \param[in] command the shell command to be executed, see system(3)
* \param[in] env_whitelist A white-list of keys for environment variables
* \param[in] addl_env any additional environment variables to be appended
+ * \param[in] user name of the user to which we should switch before executing the command
* \returns PID of generated child process; negative on error
*/
-int osmo_system_nowait(const char *command, const char **env_whitelist, char **addl_env)
+int osmo_system_nowait2(const char *command, const char **env_whitelist, char **addl_env, const char *user)
{
+ struct passwd *pw = NULL;
int rc;
+ if (user) {
+ pw = getpwnam(user);
+ if (!pw)
+ return -EINVAL;
+ }
+
rc = fork();
if (rc == 0) {
/* we are in the child */
@@ -232,6 +242,16 @@
return rc;
}
+ /* drop privileges */
+ if (pw) {
+ if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) < 0)
+ exit(1);
+
+ if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) < 0)
+ exit(1);
+
+ }
+
/* if we want to behave like system(3), we must go via the shell */
execle("/bin/sh", "sh", "-c", command, (char *) NULL, new_env);
/* only reached in case of error */
@@ -244,4 +264,10 @@
}
}
+int osmo_system_nowait(const char *command, const char **env_whitelist, char **addl_env)
+{
+ return osmo_system_nowait2(command, env_whitelist, addl_env, NULL);
+}
+
+
#endif /* EMBEDDED */
--
To view, visit https://gerrit.osmocom.org/c/libosmocore/+/17852
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings
Gerrit-Project: libosmocore
Gerrit-Branch: master
Gerrit-Change-Id: If1431f930f72a8d6c1d102426874a11b7a2debd9
Gerrit-Change-Number: 17852
Gerrit-PatchSet: 1
Gerrit-Owner: laforge <laforge at osmocom.org>
Gerrit-MessageType: newchange
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osmocom.org/pipermail/gerrit-log/attachments/20200417/f194d041/attachment.htm>