summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorThierry Vignaud <tv@mandriva.org>2009-10-12 16:55:29 +0000
committerThierry Vignaud <tv@mandriva.org>2009-10-12 16:55:29 +0000
commit7fdbcf66592dfec2b3c8704e6f43bdaeba708f0a (patch)
treea452e6f149cdd2400f6615037bf232f3c860b0e9
parent15bb5068442bac799f685742bdd70cda018fda11 (diff)
downloaddrakx-backup-do-not-use-7fdbcf66592dfec2b3c8704e6f43bdaeba708f0a.tar
drakx-backup-do-not-use-7fdbcf66592dfec2b3c8704e6f43bdaeba708f0a.tar.gz
drakx-backup-do-not-use-7fdbcf66592dfec2b3c8704e6f43bdaeba708f0a.tar.bz2
drakx-backup-do-not-use-7fdbcf66592dfec2b3c8704e6f43bdaeba708f0a.tar.xz
drakx-backup-do-not-use-7fdbcf66592dfec2b3c8704e6f43bdaeba708f0a.zip
(raw) introduce new 'as_user' parameter which tries harder to get user ID in
order to drop privileges ; also keep a copy of the X11 cookie (enable to fix #53999)
-rw-r--r--perl-install/NEWS3
-rw-r--r--perl-install/run_program.pm21
2 files changed, 23 insertions, 1 deletions
diff --git a/perl-install/NEWS b/perl-install/NEWS
index 6be13831a..ef42fdd97 100644
--- a/perl-install/NEWS
+++ b/perl-install/NEWS
@@ -1,3 +1,6 @@
+- run_program layer:
+ o keep a copy of the X11 cookie
+ o try harder to drop privileges
- partitioning wizard:
o put back "previous" button on actions (#54475)
o fix typo in message
diff --git a/perl-install/run_program.pm b/perl-install/run_program.pm
index e1a6f7f04..a59f7a08b 100644
--- a/perl-install/run_program.pm
+++ b/perl-install/run_program.pm
@@ -5,6 +5,7 @@ use strict;
use c;
use MDK::Common;
+use common; # for get_parent_uid()
use log;
1;
@@ -47,6 +48,13 @@ sub raw {
($stdout_mode, $stdout_raw, @args) = @args if $args[0] =~ /^>>?$/;
($stderr_mode, $stderr_raw, @args) = @args if $args[0] =~ /^2>>?$/;
+ if ($options->{as_user}) {
+ my $user;
+ $user = $ENV{USERHELPER_UID} && getpwuid($ENV{USERHELPER_UID});
+ $user ||= common::get_parent_uid();
+ $options->{setuid} = getpwnam($user) if $user;
+ }
+
my $args = $options->{sensitive_arguments} ? '<hidden arguments>' : join(' ', @args);
log::explanations("running: $real_name $args" . ($root ? " with root $root" : ""));
@@ -111,7 +119,18 @@ sub raw {
} else {
if ($options->{setuid}) {
require POSIX;
- $ENV{LOGNAME} = getpwuid($options->{setuid}) || $ENV{LOGNAME};
+ my ($logname, $home) = (getpwuid(501))[0,7];
+ $ENV{LOGNAME} = $logname if $logname;
+
+ # if we were root and are going to drop privilege, keep a copy of the X11 cookie:
+ if (!$> && $home) {
+ # FIXME: it would be better to remove this but most callers are using 'detach => 1'...
+ my $xauth = chomp_(`mktemp $home/.Xauthority.XXXXX`);
+ system('cp', '-a', $ENV{XAUTHORITY}, $xauth);
+ system('chown', $logname, $xauth);
+ $ENV{XAUTHORITY} = $xauth;
+ }
+
# drop privileges:
POSIX::setuid($options->{setuid});
}