<p>laforge <strong>submitted</strong> this change.</p><p><a href="https://gerrit.osmocom.org/c/libosmocore/+/17852">View Change</a></p><div style="white-space:pre-wrap">Approvals:
Jenkins Builder: Verified
pespin: Looks good to me, but someone else must approve
laforge: Looks good to me, approved
</div><pre style="font-family: monospace,monospace; white-space: pre-wrap;">exec: Introduce osmo_system_nowait2() to allow specify a user<br><br>For a process running as root, it may be desirable to drop privileges<br>down to a normal user before executing an external command. Let's<br>add a new API function for that.<br><br>Change-Id: If1431f930f72a8d6c1d102426874a11b7a2debd9<br>---<br>M include/osmocom/core/exec.h<br>M src/exec.c<br>2 files changed, 49 insertions(+), 2 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;"><span>diff --git a/include/osmocom/core/exec.h b/include/osmocom/core/exec.h</span><br><span>index 6bbd352..e63ec11 100644</span><br><span>--- a/include/osmocom/core/exec.h</span><br><span>+++ b/include/osmocom/core/exec.h</span><br><span>@@ -25,4 +25,5 @@</span><br><span> int osmo_environment_filter(char **out, size_t out_len, char **in, const char **whitelist);</span><br><span> int osmo_environment_append(char **out, size_t out_len, char **in);</span><br><span> int osmo_close_all_fds_above(int last_fd_to_keep);</span><br><span style="color: hsl(120, 100%, 40%);">+int osmo_system_nowait2(const char *command, const char **env_whitelist, char **addl_env, const char *user);</span><br><span> int osmo_system_nowait(const char *command, const char **env_whitelist, char **addl_env);</span><br><span>diff --git a/src/exec.c b/src/exec.c</span><br><span>index 62f5919..578e2b1 100644</span><br><span>--- a/src/exec.c</span><br><span>+++ b/src/exec.c</span><br><span>@@ -23,6 +23,7 @@</span><br><span> #include "config.h"</span><br><span> #ifndef EMBEDDED</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+#define _GNU_SOURCE</span><br><span> #include <unistd.h></span><br><span> </span><br><span> #include <errno.h></span><br><span>@@ -31,6 +32,7 @@</span><br><span> #include <stdio.h></span><br><span> #include <dirent.h></span><br><span> #include <sys/types.h></span><br><span style="color: hsl(120, 100%, 40%);">+#include <pwd.h></span><br><span> </span><br><span> #include <osmocom/core/logging.h></span><br><span> #include <osmocom/core/utils.h></span><br><span>@@ -192,23 +194,34 @@</span><br><span> /* Seems like POSIX has no header file for this, and even glibc + __USE_GNU doesn't help */</span><br><span> extern char **environ;</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-/*! call an external shell command without waiting for it.</span><br><span style="color: hsl(120, 100%, 40%);">+/*! call an external shell command as 'user' without waiting for it.</span><br><span> *</span><br><span> * This mimics the behavior of system(3), with the following differences:</span><br><span> * - it doesn't wait for completion of the child process</span><br><span> * - it closes all non-stdio file descriptors by iterating /proc/self/fd</span><br><span> * - it constructs a reduced environment where only whitelisted keys survive</span><br><span> * - it (optionally) appends additional variables to the environment</span><br><span style="color: hsl(120, 100%, 40%);">+ * - it (optionally) changes the user ID to that of 'user' (requires execution as root)</span><br><span> *</span><br><span> * \param[in] command the shell command to be executed, see system(3)</span><br><span> * \param[in] env_whitelist A white-list of keys for environment variables</span><br><span> * \param[in] addl_env any additional environment variables to be appended</span><br><span style="color: hsl(120, 100%, 40%);">+ * \param[in] user name of the user to which we should switch before executing the command</span><br><span> * \returns PID of generated child process; negative on error</span><br><span> */</span><br><span style="color: hsl(0, 100%, 40%);">-int osmo_system_nowait(const char *command, const char **env_whitelist, char **addl_env)</span><br><span style="color: hsl(120, 100%, 40%);">+int osmo_system_nowait2(const char *command, const char **env_whitelist, char **addl_env, const char *user)</span><br><span> {</span><br><span style="color: hsl(120, 100%, 40%);">+ struct passwd _pw, *pw;</span><br><span style="color: hsl(120, 100%, 40%);">+ int getpw_buflen = sysconf(_SC_GETPW_R_SIZE_MAX);</span><br><span> int rc;</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+ if (user) {</span><br><span style="color: hsl(120, 100%, 40%);">+ char buf[getpw_buflen];</span><br><span style="color: hsl(120, 100%, 40%);">+ getpwnam_r(user, &_pw, buf, sizeof(buf), &pw);</span><br><span style="color: hsl(120, 100%, 40%);">+ if (!pw)</span><br><span style="color: hsl(120, 100%, 40%);">+ return -EINVAL;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> rc = fork();</span><br><span> if (rc == 0) {</span><br><span> /* we are in the child */</span><br><span>@@ -232,6 +245,20 @@</span><br><span> return rc;</span><br><span> }</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+ /* drop privileges */</span><br><span style="color: hsl(120, 100%, 40%);">+ if (pw) {</span><br><span style="color: hsl(120, 100%, 40%);">+ if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) < 0) {</span><br><span style="color: hsl(120, 100%, 40%);">+ perror("setresgid() during privilege drop");</span><br><span style="color: hsl(120, 100%, 40%);">+ exit(1);</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) < 0) {</span><br><span style="color: hsl(120, 100%, 40%);">+ perror("setresuid() during privilege drop");</span><br><span style="color: hsl(120, 100%, 40%);">+ exit(1);</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> /* if we want to behave like system(3), we must go via the shell */</span><br><span> execle("/bin/sh", "sh", "-c", command, (char *) NULL, new_env);</span><br><span> /* only reached in case of error */</span><br><span>@@ -244,4 +271,23 @@</span><br><span> }</span><br><span> }</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+/*! call an external shell command without waiting for it.</span><br><span style="color: hsl(120, 100%, 40%);">+ *</span><br><span style="color: hsl(120, 100%, 40%);">+ * This mimics the behavior of system(3), with the following differences:</span><br><span style="color: hsl(120, 100%, 40%);">+ * - it doesn't wait for completion of the child process</span><br><span style="color: hsl(120, 100%, 40%);">+ * - it closes all non-stdio file descriptors by iterating /proc/self/fd</span><br><span style="color: hsl(120, 100%, 40%);">+ * - it constructs a reduced environment where only whitelisted keys survive</span><br><span style="color: hsl(120, 100%, 40%);">+ * - it (optionally) appends additional variables to the environment</span><br><span style="color: hsl(120, 100%, 40%);">+ *</span><br><span style="color: hsl(120, 100%, 40%);">+ * \param[in] command the shell command to be executed, see system(3)</span><br><span style="color: hsl(120, 100%, 40%);">+ * \param[in] env_whitelist A white-list of keys for environment variables</span><br><span style="color: hsl(120, 100%, 40%);">+ * \param[in] addl_env any additional environment variables to be appended</span><br><span style="color: hsl(120, 100%, 40%);">+ * \returns PID of generated child process; negative on error</span><br><span style="color: hsl(120, 100%, 40%);">+ */</span><br><span style="color: hsl(120, 100%, 40%);">+int osmo_system_nowait(const char *command, const char **env_whitelist, char **addl_env)</span><br><span style="color: hsl(120, 100%, 40%);">+{</span><br><span style="color: hsl(120, 100%, 40%);">+ return osmo_system_nowait2(command, env_whitelist, addl_env, NULL);</span><br><span style="color: hsl(120, 100%, 40%);">+}</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> #endif /* EMBEDDED */</span><br><span></span><br></pre><p>To view, visit <a href="https://gerrit.osmocom.org/c/libosmocore/+/17852">change 17852</a>. To unsubscribe, or for help writing mail filters, visit <a href="https://gerrit.osmocom.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.osmocom.org/c/libosmocore/+/17852"/><meta itemprop="name" content="View Change"/></div></div>
<div style="display:none"> Gerrit-Project: libosmocore </div>
<div style="display:none"> Gerrit-Branch: master </div>
<div style="display:none"> Gerrit-Change-Id: If1431f930f72a8d6c1d102426874a11b7a2debd9 </div>
<div style="display:none"> Gerrit-Change-Number: 17852 </div>
<div style="display:none"> Gerrit-PatchSet: 2 </div>
<div style="display:none"> Gerrit-Owner: laforge <laforge@osmocom.org> </div>
<div style="display:none"> Gerrit-Reviewer: Jenkins Builder </div>
<div style="display:none"> Gerrit-Reviewer: laforge <laforge@osmocom.org> </div>
<div style="display:none"> Gerrit-Reviewer: pespin <pespin@sysmocom.de> </div>
<div style="display:none"> Gerrit-CC: fixeria <axilirator@gmail.com> </div>
<div style="display:none"> Gerrit-MessageType: merged </div>