laforge gerrit-no-reply at lists.osmocom.orglaforge has uploaded this change for review. ( https://gerrit.osmocom.org/c/libosmocore/+/17852 ) Change subject: exec: Introduce osmo_system_nowait2() to allow specify a user ...................................................................... exec: Introduce osmo_system_nowait2() to allow specify a user For a process running as root, it may be desirable to drop privileges down to a normal user before executing an external command. Let's add a new API function for that. Change-Id: If1431f930f72a8d6c1d102426874a11b7a2debd9 --- M include/osmocom/core/exec.h M src/exec.c 2 files changed, 28 insertions(+), 1 deletion(-) git pull ssh://gerrit.osmocom.org:29418/libosmocore refs/changes/52/17852/1 diff --git a/include/osmocom/core/exec.h b/include/osmocom/core/exec.h index 6bbd352..e63ec11 100644 --- a/include/osmocom/core/exec.h +++ b/include/osmocom/core/exec.h @@ -25,4 +25,5 @@ int osmo_environment_filter(char **out, size_t out_len, char **in, const char **whitelist); int osmo_environment_append(char **out, size_t out_len, char **in); int osmo_close_all_fds_above(int last_fd_to_keep); +int osmo_system_nowait2(const char *command, const char **env_whitelist, char **addl_env, const char *user); int osmo_system_nowait(const char *command, const char **env_whitelist, char **addl_env); diff --git a/src/exec.c b/src/exec.c index 62f5919..dfe019b 100644 --- a/src/exec.c +++ b/src/exec.c @@ -23,6 +23,7 @@ #include "config.h" #ifndef EMBEDDED +#define _GNU_SOURCE #include <unistd.h> #include <errno.h> @@ -31,6 +32,7 @@ #include <stdio.h> #include <dirent.h> #include <sys/types.h> +#include <pwd.h> #include <osmocom/core/logging.h> #include <osmocom/core/utils.h> 
@@ -203,12 +205,20 @@ * \param[in] command the shell command to be executed, see system(3) * \param[in] env_whitelist A white-list of keys for environment variables * \param[in] addl_env any additional environment variables to be appended + * \param[in] user name of the user to which we should switch before executing the command * \returns PID of generated child process; negative on error */ -int osmo_system_nowait(const char *command, const char **env_whitelist, char **addl_env) +int osmo_system_nowait2(const char *command, const char **env_whitelist, char **addl_env, const char *user) { + struct passwd *pw = NULL; int rc; + if (user) { + pw = getpwnam(user); + if (!pw) + return -EINVAL; + } + rc = fork(); if (rc == 0) { /* we are in the child */ @@ -232,6 +242,16 @@ return rc; } + /* drop privileges */ + if (pw) { + if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) < 0) + exit(1); + + if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) < 0) + exit(1); + + } + /* if we want to behave like system(3), we must go via the shell */ execle("/bin/sh", "sh", "-c", command, (char *) NULL, new_env); /* only reached in case of error */ @@ -244,4 +264,10 @@ } } +int osmo_system_nowait(const char *command, const char **env_whitelist, char **addl_env) +{ + return osmo_system_nowait2(command, env_whitelist, addl_env, NULL); +} + + #endif /* EMBEDDED */ -- To view, visit https://gerrit.osmocom.org/c/libosmocore/+/17852 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: libosmocore Gerrit-Branch: master Gerrit-Change-Id: If1431f930f72a8d6c1d102426874a11b7a2debd9 Gerrit-Change-Number: 17852 Gerrit-PatchSet: 1 Gerrit-Owner: laforge <laforge at osmocom.org> Gerrit-MessageType: newchange -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.osmocom.org/pipermail/gerrit-log/attachments/20200417/f194d041/attachment.htm>
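Review bot: The doc comment above `osmo_system_nowait2()` does not say that `user` may be NULL, nor that an unknown user makes the call return -EINVAL before any child is forked; both follow from the new `if (user)` block and callers need to know them. I would extend the two lines to `\param[in] user name of the user to switch to before executing the command; NULL to keep the caller's identity` and `\returns PID of generated child process; negative on error (-EINVAL if the user cannot be resolved)`. Because the comment block now documents the new function, the `osmo_system_nowait()` wrapper re-added in the last hunk (`@@ -244,4 +264,10 @@`) is left without documentation; a short doxygen block pointing to `osmo_system_nowait2()` would restore it. Note also that `getpwnam()` returns NULL for lookup errors as well as for a missing entry, so -EINVAL covers both cases.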
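Review bot: The privilege drop under `/* drop privileges */` changes the GID and UID but leaves the supplementary group list of the calling process in place, so a command started from a root process still runs with root's supplementary groups. The list should be reset before the `setresgid()` call, while the child is still privileged, e.g. `if (initgroups(pw->pw_name, pw->pw_gid) < 0)` followed by `exit(1);` (needs `<grp.h>`). A failed drop is reported only through the child's exit status, because the parent has already received a valid PID from `fork()`; that is worth stating in the function's documentation. The enclosing function starts and ends outside this hunk.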