On Led. 20, 2015, 8:48 odp., Miloslav Trmac wrote:
src/rolekit/async.py, line 294 http://reviewboard-fedoraserver.rhcloud.com/r/131/diff/1/?file=524#file524line294
AFAICS _calling_ the demote() function is superfluous and, to me, confusing; we only need to pass the set_ids callable.
Stephen Gallagher wrote: I actually looked up how to do this in several places and all the examples I could find insisted that it had to be done this way or else the calling application would also be affected by the permission drop. I'm choosing to trust them.
Miloslav Trmac wrote: Testing disagrees:
>>> import os, subprocess >>> def set_ids(): os.setregid(1,1); os.setreuid(1,1) ... >>> p = subprocess.Popen(['/bin/id', '-a'], preexec_fn = set_ids) uid=1(bin) gid=1(bin) skupiny=1(bin),0(root) kontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 >>> print os.geteuid() 0 >>> print os.getuid() 0 >>> print os.getegid() 0 >>> print os.getgid() 0 >>> (and this also shows that supplementary groups need to be dropped. Will raise both separately in the new patch.)
On one more thought… 1) The only way those “several places” make sense to me is that _calling_ set_ids() within the parent process, instead of just referring to its name, would indeed affect the parent; that this is a syntax confusion and the existence of demote allows using preexec_fn = some_function_name_and_parentheses() hiding this syntax confusion. Just a guess, though. 2) Actually, the middle function might be useful to avoid a circular reference between subprocess_future closure <-> the Popen object . I’m not actually sure how Python does this (would the “process” variable be a part of the closure?) but using a smaller closure is more obviously refcounting-friendly. So let’s keep it as it is.
- Miloslav
----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: http://reviewboard-fedoraserver.rhcloud.com/r/131/#review364 -----------------------------------------------------------
On Led. 21, 2015, 4:49 odp., Stephen Gallagher wrote:
This is an automatically generated e-mail. To reply, visit: http://reviewboard-fedoraserver.rhcloud.com/r/131/
(Updated Led. 21, 2015, 4:49 odp.)
Review request for RoleKit Mailing List, Miloslav Trmac, Stephen Gallagher, and Thomas Woerner.
Repository: rolekit
Description
Allow impersonating a different UID/GID in subprocesses
Diffs
src/rolekit/async.py 0f9ddaac1beb27cebdf41ca0383a62a807c4fcb6
Diff: http://reviewboard-fedoraserver.rhcloud.com/r/131/diff/
Testing
Thanks,
Stephen Gallagher