From: David Gibson <david@gibson.dropbear.id.au>
To: passt-dev@passt.top
Subject: [PATCH v2 12/32] Don't store UID & GID persistently in the context structure
Date: Thu, 08 Sep 2022 16:16:01 +1000 [thread overview]
Message-ID: <20220908061621.2430844-13-david@gibson.dropbear.id.au> (raw)
In-Reply-To: <20220908061621.2430844-1-david@gibson.dropbear.id.au>
[-- Attachment #1: Type: text/plain, Size: 3803 bytes --]
c->uid and c->gid are first set in conf(), and last used in check_root()
itself called from conf(). Therefore these don't need to be fields in the
long lived context structure and can instead be locals in conf().
Signed-off-by: David Gibson <david(a)gibson.dropbear.id.au>
---
conf.c | 8 +++++---
passt.h | 5 -----
util.c | 12 ++++++------
util.h | 2 +-
4 files changed, 12 insertions(+), 15 deletions(-)
diff --git a/conf.c b/conf.c
index 2edb4ae..0fe5266 100644
--- a/conf.c
+++ b/conf.c
@@ -1086,6 +1086,8 @@ void conf(struct ctx *c, int argc, char **argv)
uint32_t *dns4 = c->ip4.dns;
int name, ret, mask, b, i;
unsigned int ifi = 0;
+ uid_t uid = 0;
+ gid_t gid = 0;
if (c->mode == MODE_PASTA)
c->no_dhcp_dns = c->no_dhcp_dns_search = 1;
@@ -1208,12 +1210,12 @@ void conf(struct ctx *c, int argc, char **argv)
c->trace = c->debug = c->foreground = 1;
break;
case 12:
- if (c->uid || c->gid) {
+ if (uid || gid) {
err("Multiple --runas options given");
usage(argv[0]);
}
- if (conf_runas(optarg, &c->uid, &c->gid)) {
+ if (conf_runas(optarg, &uid, &gid)) {
err("Invalid --runas option: %s", optarg);
usage(argv[0]);
}
@@ -1497,7 +1499,7 @@ void conf(struct ctx *c, int argc, char **argv)
}
} while (name != -1);
- check_root(c);
+ check_root(&uid, &gid);
if (c->mode == MODE_PASTA) {
if (*netns && optind != argc) {
diff --git a/passt.h b/passt.h
index 347e7c1..3035430 100644
--- a/passt.h
+++ b/passt.h
@@ -144,8 +144,6 @@ struct ip6_ctx {
* @sock_path: Path for UNIX domain socket
* @pcap: Path for packet capture file
* @pid_file: Path to PID file, empty string if not configured
- * @uid: UID we should drop to, if started as root
- * @gid: GID we should drop to, if started as root
* @pasta_netns_fd: File descriptor for network namespace in pasta mode
* @pasta_userns_fd: Descriptor for user namespace to join, -1 once joined
* @netns_only: In pasta mode, don't join or create a user namespace
@@ -198,9 +196,6 @@ struct ctx {
char pcap[PATH_MAX];
char pid_file[PATH_MAX];
- uid_t uid;
- uid_t gid;
-
int pasta_netns_fd;
int pasta_userns_fd;
int netns_only;
diff --git a/util.c b/util.c
index 7e10deb..b2ccb3d 100644
--- a/util.c
+++ b/util.c
@@ -485,7 +485,7 @@ void drop_caps(void)
/**
* check_root() - Check if root in init ns, exit if we can't drop to user
*/
-void check_root(struct ctx *c)
+void check_root(uid_t *uid, gid_t *gid)
{
const char root_uid_map[] = " 0 0 4294967295";
struct passwd *pw;
@@ -506,7 +506,7 @@ void check_root(struct ctx *c)
close(fd);
- if (!c->uid) {
+ if (!*uid) {
fprintf(stderr, "Don't run as root. Changing to nobody...\n");
#ifndef GLIBC_NO_STATIC_NSS
pw = getpwnam("nobody");
@@ -515,17 +515,17 @@ void check_root(struct ctx *c)
exit(EXIT_FAILURE);
}
- c->uid = pw->pw_uid;
- c->gid = pw->pw_gid;
+ *uid = pw->pw_uid;
+ *gid = pw->pw_gid;
#else
(void)pw;
/* Common value for 'nobody', not really specified */
- c->uid = c->gid = 65534;
+ *uid = *gid = 65534;
#endif
}
- if (!setgroups(0, NULL) && !setgid(c->gid) && !setuid(c->uid))
+ if (!setgroups(0, NULL) && !setgid(*gid) && !setuid(*uid))
return;
fprintf(stderr, "Can't change user/group, exiting");
diff --git a/util.h b/util.h
index 8297bec..58312fb 100644
--- a/util.h
+++ b/util.h
@@ -234,7 +234,7 @@ char *line_read(char *buf, size_t len, int fd);
void procfs_scan_listen(struct ctx *c, uint8_t proto, int ip_version, int ns,
uint8_t *map, uint8_t *exclude);
void drop_caps(void);
-void check_root(struct ctx *c);
+void check_root(uid_t *uid, gid_t *gid);
int ns_enter(const struct ctx *c);
void write_pidfile(int fd, pid_t pid);
int __daemon(int pidfile_fd, int devnull_fd);
--
@@ -234,7 +234,7 @@ char *line_read(char *buf, size_t len, int fd);
void procfs_scan_listen(struct ctx *c, uint8_t proto, int ip_version, int ns,
uint8_t *map, uint8_t *exclude);
void drop_caps(void);
-void check_root(struct ctx *c);
+void check_root(uid_t *uid, gid_t *gid);
int ns_enter(const struct ctx *c);
void write_pidfile(int fd, pid_t pid);
int __daemon(int pidfile_fd, int devnull_fd);
--
2.37.3
next prev parent reply other threads:[~2022-09-08 6:16 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-09-08 6:15 [PATCH v2 00/32] Improve handling of test temporary files David Gibson
2022-09-08 6:15 ` [PATCH v2 01/32] test: Correctly match "background" with "wait" commands David Gibson
2022-09-08 6:15 ` [PATCH v2 02/32] test: Context execution helpers David Gibson
2022-09-08 6:15 ` [PATCH v2 03/32] test: Allow a tmux pane to watch commands executed in contexts David Gibson
2022-09-08 6:15 ` [PATCH v2 04/32] test: Integration of old-style pane execution and new context execution David Gibson
2022-09-08 6:15 ` [PATCH v2 05/32] test: Issue host commands via context for most tests David Gibson
2022-09-08 6:15 ` [PATCH v2 06/32] test: Use new-style contexts for passt pane in the pasta and passt tests David Gibson
2022-09-08 6:15 ` [PATCH v2 07/32] test: Add nsholder utility David Gibson
2022-09-08 6:15 ` [PATCH v2 08/32] test: Extend context system to run commands in namespace for pasta tests David Gibson
2022-09-08 6:15 ` [PATCH v2 09/32] test: Use context system for guest commands David Gibson
2022-09-08 6:15 ` [PATCH v2 10/32] test: Use context system for two_guests tests David Gibson
2022-09-08 6:16 ` [PATCH v2 11/32] test: Use new-style command issue for passt_in_ns tests David Gibson
2022-09-08 6:16 ` David Gibson [this message]
2022-09-08 6:16 ` [PATCH v2 13/32] Split checking for root from dropping root privilege David Gibson
2022-09-08 6:16 ` [PATCH v2 14/32] Consolidate determination of UID/GID to run as David Gibson
2022-09-08 6:16 ` [PATCH v2 15/32] Safer handling if we can't open /proc/self/uid_map David Gibson
2022-09-08 6:16 ` [PATCH v2 16/32] Move self-isolation code into a separate file David Gibson
2022-09-08 6:16 ` [PATCH v2 17/32] Consolidate validation of pasta namespace options David Gibson
2022-09-08 6:16 ` [PATCH v2 18/32] Clean up and rename conf_ns_open() David Gibson
2022-09-08 6:16 ` [PATCH v2 19/32] Correctly handle --netns-only in pasta_start_ns() David Gibson
2022-09-08 6:16 ` [PATCH v2 20/32] Handle userns isolation and dropping root at the same time David Gibson
2022-09-08 6:16 ` [PATCH v2 21/32] Allow --userns when pasta spawns a command David Gibson
2022-09-08 6:16 ` [PATCH v2 22/32] test: Group tests by context then protocol, rather than the reverse David Gibson
2022-09-08 6:16 ` [PATCH v2 23/32] test: Remove unused variable FFMPEG_PID_FILE David Gibson
2022-09-08 6:16 ` [PATCH v2 24/32] test: Actually run cleanup function David Gibson
2022-09-08 6:16 ` [PATCH v2 25/32] test: Create common state directories for temporary files David Gibson
2022-09-08 6:16 ` [PATCH v2 26/32] test: Move context temporary files to state dir David Gibson
2022-09-08 6:16 ` [PATCH v2 27/32] test: Dont regnerate small test file in pasta/tcp David Gibson
2022-09-08 6:16 ` [PATCH v2 28/32] test: Use paths in __STATEDIR__ instead of 'temp' and 'tempdir' directives David Gibson
2022-09-08 6:16 ` [PATCH v2 29/32] test: Move pause temporary file to state directory David Gibson
2022-09-08 6:16 ` [PATCH v2 30/32] test: Store pcap files in $LOGDIR instead of /tmp David Gibson
2022-09-08 6:16 ` [PATCH v2 31/32] test: Move pidfiles and nsholder sockets into state directory David Gibson
2022-09-08 6:16 ` [PATCH v2 32/32] test: Move video processing files to $STATEBASE David Gibson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220908061621.2430844-13-david@gibson.dropbear.id.au \
--to=david@gibson.dropbear.id.au \
--cc=passt-dev@passt.top \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://passt.top/passt
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for IMAP folder(s).