diff options
author | Thierry Vignaud <tv@mandriva.org> | 2009-10-12 16:55:29 +0000 |
---|---|---|
committer | Thierry Vignaud <tv@mandriva.org> | 2009-10-12 16:55:29 +0000 |
commit | 7fdbcf66592dfec2b3c8704e6f43bdaeba708f0a (patch) | |
tree | a452e6f149cdd2400f6615037bf232f3c860b0e9 | |
parent | 15bb5068442bac799f685742bdd70cda018fda11 (diff) | |
download | drakx-backup-do-not-use-7fdbcf66592dfec2b3c8704e6f43bdaeba708f0a.tar drakx-backup-do-not-use-7fdbcf66592dfec2b3c8704e6f43bdaeba708f0a.tar.gz drakx-backup-do-not-use-7fdbcf66592dfec2b3c8704e6f43bdaeba708f0a.tar.bz2 drakx-backup-do-not-use-7fdbcf66592dfec2b3c8704e6f43bdaeba708f0a.tar.xz drakx-backup-do-not-use-7fdbcf66592dfec2b3c8704e6f43bdaeba708f0a.zip |
(raw) introduce new 'as_user' parameter which tries harder to get user ID in
order to drop privileges ; also keep a copy of the X11 cookie (enable to fix
#53999)
-rw-r--r-- | perl-install/NEWS | 3 | ||||
-rw-r--r-- | perl-install/run_program.pm | 21 |
2 files changed, 23 insertions, 1 deletions
diff --git a/perl-install/NEWS b/perl-install/NEWS index 6be13831a..ef42fdd97 100644 --- a/perl-install/NEWS +++ b/perl-install/NEWS @@ -1,3 +1,6 @@ +- run_program layer: + o keep a copy of the X11 cookie + o try harder to drop privileges - partitioning wizard: o put back "previous" button on actions (#54475) o fix typo in message diff --git a/perl-install/run_program.pm b/perl-install/run_program.pm index e1a6f7f04..a59f7a08b 100644 --- a/perl-install/run_program.pm +++ b/perl-install/run_program.pm @@ -5,6 +5,7 @@ use strict; use c; use MDK::Common; +use common; # for get_parent_uid() use log; 1; @@ -47,6 +48,13 @@ sub raw { ($stdout_mode, $stdout_raw, @args) = @args if $args[0] =~ /^>>?$/; ($stderr_mode, $stderr_raw, @args) = @args if $args[0] =~ /^2>>?$/; + if ($options->{as_user}) { + my $user; + $user = $ENV{USERHELPER_UID} && getpwuid($ENV{USERHELPER_UID}); + $user ||= common::get_parent_uid(); + $options->{setuid} = getpwnam($user) if $user; + } + my $args = $options->{sensitive_arguments} ? '<hidden arguments>' : join(' ', @args); log::explanations("running: $real_name $args" . ($root ? " with root $root" : "")); @@ -111,7 +119,18 @@ sub raw { } else { if ($options->{setuid}) { require POSIX; - $ENV{LOGNAME} = getpwuid($options->{setuid}) || $ENV{LOGNAME}; + my ($logname, $home) = (getpwuid(501))[0,7]; + $ENV{LOGNAME} = $logname if $logname; + + # if we were root and are going to drop privilege, keep a copy of the X11 cookie: + if (!$> && $home) { + # FIXME: it would be better to remove this but most callers are using 'detach => 1'... + my $xauth = chomp_(`mktemp $home/.Xauthority.XXXXX`); + system('cp', '-a', $ENV{XAUTHORITY}, $xauth); + system('chown', $logname, $xauth); + $ENV{XAUTHORITY} = $xauth; + } + # drop privileges: POSIX::setuid($options->{setuid}); } |