(raw) introduce new 'as_user' parameter which tries harder to get user ID in

order to drop privileges ; also keep a copy of the X11 cookie (enable to fix #53999)
author: Thierry Vignaud <tv@mandriva.org> 2009-10-12 16:55:29 +0000
committer: Thierry Vignaud <tv@mandriva.org> 2009-10-12 16:55:29 +0000
commit: 7fdbcf66592dfec2b3c8704e6f43bdaeba708f0a (patch)
tree: a452e6f149cdd2400f6615037bf232f3c860b0e9
parent: 15bb5068442bac799f685742bdd70cda018fda11 (diff)
download: drakx-7fdbcf66592dfec2b3c8704e6f43bdaeba708f0a.tar
drakx-7fdbcf66592dfec2b3c8704e6f43bdaeba708f0a.tar.gz
drakx-7fdbcf66592dfec2b3c8704e6f43bdaeba708f0a.tar.bz2
drakx-7fdbcf66592dfec2b3c8704e6f43bdaeba708f0a.tar.xz
drakx-7fdbcf66592dfec2b3c8704e6f43bdaeba708f0a.zip
2 files changed, 23 insertions, 1 deletions
diff --git a/perl-install/NEWS b/perl-install/NEWS
index 6be13831a..ef42fdd97 100644
--- a/perl-install/NEWS
+++ b/perl-install/NEWS
@@ -1,3 +1,6 @@
+- run_program layer:
+  o keep a copy of the X11 cookie
+  o try harder to drop privileges
 - partitioning wizard:
   o put back "previous" button on actions (#54475)
   o fix typo in message
diff --git a/perl-install/run_program.pm b/perl-install/run_program.pm
index e1a6f7f04..a59f7a08b 100644
--- a/perl-install/run_program.pm
+++ b/perl-install/run_program.pm
@@ -5,6 +5,7 @@ use strict;
 use c;
 
 use MDK::Common;
+use common; # for get_parent_uid()
 use log;
 
 1;
@@ -47,6 +48,13 @@ sub raw {
     ($stdout_mode, $stdout_raw, @args) = @args if $args[0] =~ /^>>?$/;
     ($stderr_mode, $stderr_raw, @args) = @args if $args[0] =~ /^2>>?$/;
 
+    if ($options->{as_user}) {
+        my $user;
+        $user = $ENV{USERHELPER_UID} && getpwuid($ENV{USERHELPER_UID});
+        $user ||= common::get_parent_uid();
+        $options->{setuid} = getpwnam($user) if $user;
+    }
+
     my $args = $options->{sensitive_arguments} ? '<hidden arguments>' : join(' ', @args);
     log::explanations("running: $real_name $args" . ($root ? " with root $root" : ""));
 
@@ -111,7 +119,18 @@ sub raw {
     } else {
         if ($options->{setuid}) {
             require POSIX;
-            $ENV{LOGNAME} = getpwuid($options->{setuid}) || $ENV{LOGNAME};
+            my ($logname, $home) = (getpwuid(501))[0,7];
+            $ENV{LOGNAME} = $logname if $logname;
+
+            # if we were root and are going to drop privilege, keep a copy of the X11 cookie:
+            if (!$> && $home) {
+                # FIXME: it would be better to remove this but most callers are using 'detach => 1'...
+                my $xauth = chomp_(`mktemp $home/.Xauthority.XXXXX`);
+                system('cp', '-a', $ENV{XAUTHORITY}, $xauth);
+                system('chown', $logname, $xauth);
+                $ENV{XAUTHORITY} = $xauth;
+            }
+
             # drop privileges:
             POSIX::setuid($options->{setuid});
         }
author	Thierry Vignaud <tv@mandriva.org>	2009-10-12 16:55:29 +0000
committer	Thierry Vignaud <tv@mandriva.org>	2009-10-12 16:55:29 +0000
commit	7fdbcf66592dfec2b3c8704e6f43bdaeba708f0a (patch)
tree	a452e6f149cdd2400f6615037bf232f3c860b0e9
parent	15bb5068442bac799f685742bdd70cda018fda11 (diff)
download	drakx-7fdbcf66592dfec2b3c8704e6f43bdaeba708f0a.tar drakx-7fdbcf66592dfec2b3c8704e6f43bdaeba708f0a.tar.gz drakx-7fdbcf66592dfec2b3c8704e6f43bdaeba708f0a.tar.bz2 drakx-7fdbcf66592dfec2b3c8704e6f43bdaeba708f0a.tar.xz drakx-7fdbcf66592dfec2b3c8704e6f43bdaeba708f0a.zip