diff options
Diffstat (limited to 'perl-install/run_program.pm')
| -rw-r--r-- | perl-install/run_program.pm | 82 |
1 files changed, 70 insertions, 12 deletions
diff --git a/perl-install/run_program.pm b/perl-install/run_program.pm index 813c8de3e..c4d195c45 100644 --- a/perl-install/run_program.pm +++ b/perl-install/run_program.pm @@ -1,14 +1,22 @@ -package run_program; # $Id$ +package run_program; # $Id: run_program.pm 266118 2010-02-11 14:57:12Z pterjan $ use diagnostics; use strict; use c; use MDK::Common; +use common; # for get_parent_uid() use log; 1; +my $default_timeout = 10 * 60; + +sub set_default_timeout { + my ($seconds) = @_; + $default_timeout = $seconds; +} + sub run_or_die { my ($name, @args) = @_; run($name, @args) or die "$name failed\n"; @@ -24,6 +32,14 @@ sub get_stdout { run($name, '>', \@r, @args) or return; wantarray() ? @r : join('', @r); } + +sub get_stdout_raw { + my ($options, $name, @args) = @_; + my @r; + raw($options, $name, '>', \@r, @args) or return; + wantarray() ? @r : join('', @r); +} + sub rooted_get_stdout { my ($root, $name, @args) = @_; my @r; @@ -47,33 +63,52 @@ sub raw { ($stdout_mode, $stdout_raw, @args) = @args if $args[0] =~ /^>>?$/; ($stderr_mode, $stderr_raw, @args) = @args if $args[0] =~ /^2>>?$/; + my $home; + if ($options->{as_user}) { + my $user; + $user = $ENV{USERHELPER_UID} && getpwuid($ENV{USERHELPER_UID}); + $user ||= common::get_parent_uid(); + $options->{setuid} = getpwnam($user) if $user; + $home = $user->[7] if $user; + } + local $ENV{HOME} = $home if $home; + my $args = $options->{sensitive_arguments} ? '<hidden arguments>' : join(' ', @args); log::explanations("running: $real_name $args" . ($root ? " with root $root" : "")); - return 1 if $root && $<; + return if $root && $<; $root ? ($root .= '/') : ($root = ''); - $ENV{HOME} || $::isInstall or $ENV{HOME} = '/root'; my $tmpdir = sub { - my $dir = "$ENV{HOME}/tmp"; + my $dir = $< != 0 ? "$ENV{HOME}/tmp" : -d '/root' ? '/root/tmp' : '/tmp'; -d $dir or mkdir($dir, 0700); $dir; }; my $stdout = $stdout_raw && (ref($stdout_raw) ? $tmpdir->() . "/.drakx-stdout.$$" : "$root$stdout_raw"); my $stderr = $stderr_raw && (ref($stderr_raw) ? $tmpdir->() . "/.drakx-stderr.$$" : "$root$stderr_raw"); + #- checking if binary exist to avoid clobbering stdout file + my $rname = $real_name =~ /(.*?)[\s\|]/ ? $1 : $real_name; + if (! ($rname =~ m!^/! + ? -x "$root$rname" || $root && -l "$root$rname" #- handle non-relative symlink which can be broken when non-rooted + : whereis_binary($rname, $root))) { + log::l("program not found: $real_name"); + return; + } + if (my $pid = fork()) { if ($options->{detach}) { $pid; } else { my $ok; + add2hash_($options, { timeout => $default_timeout }); eval { local $SIG{ALRM} = sub { die "ALARM" }; - alarm($options->{timeout} || 10 * 60); + my $remaining = $options->{timeout} && $options->{timeout} ne 'never' && alarm($options->{timeout}); waitpid $pid, 0; - $ok = $? == 0; - alarm 0; + $ok = $? == -1 || ($? >> 8) == 0; + alarm $remaining; }; if ($@) { log::l("ERROR: killing runaway process (process=$real_name, pid=$pid, args=@args, error=$@)"); @@ -100,6 +135,24 @@ sub raw { $ok; } } else { + if ($options->{setuid}) { + require POSIX; + my ($logname, $home) = (getpwuid($options->{setuid}))[0,7]; + $ENV{LOGNAME} = $logname if $logname; + + # if we were root and are going to drop privilege, keep a copy of the X11 cookie: + if (!$> && $home) { + # FIXME: it would be better to remove this but most callers are using 'detach => 1'... + my $xauth = chomp_(`mktemp $home/.Xauthority.XXXXX`); + system('cp', '-a', $ENV{XAUTHORITY}, $xauth); + system('chown', $logname, $xauth); + $ENV{XAUTHORITY} = $xauth; + } + + # drop privileges: + POSIX::setuid($options->{setuid}); + } + sub die_exit { log::l($_[0]); c::_exit(128); @@ -107,19 +160,19 @@ sub raw { if ($stderr && $stderr eq 'STDERR') { } elsif ($stderr) { $stderr_mode =~ s/2//; - open STDERR, "$stderr_mode $stderr" or die_exit("run_program can not output in $stderr (mode `$stderr_mode')"); + open STDERR, "$stderr_mode $stderr" or die_exit("run_program cannot output in $stderr (mode `$stderr_mode')"); } elsif ($::isInstall) { - open STDERR, ">> /tmp/ddebug.log" or open STDOUT, ">> /dev/tty7" or die_exit("run_program can not log, give me access to /tmp/ddebug.log"); + open STDERR, ">> /tmp/ddebug.log" or open STDOUT, ">> /dev/tty7" or die_exit("run_program cannot log, give me access to /tmp/ddebug.log"); } if ($stdout && $stdout eq 'STDOUT') { } elsif ($stdout) { - open STDOUT, "$stdout_mode $stdout" or die_exit("run_program can not output in $stdout (mode `$stdout_mode')"); + open STDOUT, "$stdout_mode $stdout" or die_exit("run_program cannot output in $stdout (mode `$stdout_mode')"); } elsif ($::isInstall) { - open STDOUT, ">> /tmp/ddebug.log" or open STDOUT, ">> /dev/tty7" or die_exit("run_program can not log, give me access to /tmp/ddebug.log"); + open STDOUT, ">> /tmp/ddebug.log" or open STDOUT, ">> /dev/tty7" or die_exit("run_program cannot log, give me access to /tmp/ddebug.log"); } $root and chroot $root; - chdir "/"; + chdir($options->{chdir} || "/"); my $ok = ref $name ? do { exec { $name->[0] } $name->[1], @args; @@ -155,3 +208,8 @@ sub DESTROY { } 1; + +#- Local Variables: +#- mode:cperl +#- tab-width:8 +#- End: |