* [Qemu-devel] [PATCH 1/2] Do not generate spurious error for -runas root @ 2011-11-24 16:29 Chris Webb 2011-11-24 16:29 ` [Qemu-devel] [PATCH 2/2] Allow -runas to be specified as UID:GID as well as USERNAME Chris Webb 0 siblings, 1 reply; 5+ messages in thread From: Chris Webb @ 2011-11-24 16:29 UTC (permalink / raw) To: qemu-devel; +Cc: Chris Webb change_process_uid() checks that privileges have been successfully dropped by verifying that setuid(0) fails. However, if qemu is explicitly -runas root, the setuid(0) would correctly succeed, so we skip the test in that case. Signed-off-by: Chris Webb <chris@arachsys.com> --- os-posix.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/os-posix.c b/os-posix.c index dc4a6bb..1b2061a 100644 --- a/os-posix.c +++ b/os-posix.c @@ -209,7 +209,7 @@ static void change_process_uid(void) fprintf(stderr, "Failed to setuid(%d)\n", user_pwd->pw_uid); exit(1); } - if (setuid(0) != -1) { + if (user_pwd->pw_uid != 0 && setuid(0) != -1) { fprintf(stderr, "Dropping privileges failed\n"); exit(1); } -- 1.7.5.4 ^ permalink raw reply related [flat|nested] 5+ messages in thread
* [Qemu-devel] [PATCH 2/2] Allow -runas to be specified as UID:GID as well as USERNAME 2011-11-24 16:29 [Qemu-devel] [PATCH 1/2] Do not generate spurious error for -runas root Chris Webb @ 2011-11-24 16:29 ` Chris Webb 2011-11-24 16:46 ` Avi Kivity 0 siblings, 1 reply; 5+ messages in thread From: Chris Webb @ 2011-11-24 16:29 UTC (permalink / raw) To: qemu-devel; +Cc: Chris Webb This allows qemu to drop privileges to a dynamically allocated, anonymous UID and GID without needing a temporary /etc/passwd entry for that UID. The UID:GID format is very standard, being (for example) the syntax used by chown(1) for numeric IDs. Signed-off-by: Chris Webb <chris@arachsys.com> --- os-posix.c | 16 +++++++++++++++- 1 files changed, 15 insertions(+), 1 deletions(-) diff --git a/os-posix.c b/os-posix.c index 1b2061a..66f5018 100644 --- a/os-posix.c +++ b/os-posix.c @@ -179,6 +179,15 @@ void os_parse_cmd_args(int index, const char *optarg) case QEMU_OPTION_runas: user_pwd = getpwnam(optarg); if (!user_pwd) { + long uid, gid, tail; + if (sscanf(optarg, "%ld:%ld%ln", &uid, &gid, &tail) >= 2 + && !optarg[tail]) { + user_pwd = g_malloc0(sizeof(user_pwd)); + user_pwd->pw_uid = uid; + user_pwd->pw_gid = gid; + } + } + if (!user_pwd) { fprintf(stderr, "User \"%s\" doesn't exist\n", optarg); exit(1); } @@ -200,7 +209,12 @@ static void change_process_uid(void) fprintf(stderr, "Failed to setgid(%d)\n", user_pwd->pw_gid); exit(1); } - if (initgroups(user_pwd->pw_name, user_pwd->pw_gid) < 0) { + if (!user_pwd->pw_name) { + if (setgroups(0, NULL) < 0) { + fprintf(stderr, "Failed to setgroups(0, NULL)\n"); + exit(1); + } + } else if (initgroups(user_pwd->pw_name, user_pwd->pw_gid) < 0) { fprintf(stderr, "Failed to initgroups(\"%s\", %d)\n", user_pwd->pw_name, user_pwd->pw_gid); exit(1); -- 1.7.5.4 ^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [Qemu-devel] [PATCH 2/2] Allow -runas to be specified as UID:GID as well as USERNAME 2011-11-24 16:29 ` [Qemu-devel] [PATCH 2/2] Allow -runas to be specified as UID:GID as well as USERNAME Chris Webb @ 2011-11-24 16:46 ` Avi Kivity 2011-11-24 16:47 ` Avi Kivity 2011-11-24 16:47 ` Chris Webb 0 siblings, 2 replies; 5+ messages in thread From: Avi Kivity @ 2011-11-24 16:46 UTC (permalink / raw) To: Chris Webb; +Cc: qemu-devel On 11/24/2011 06:29 PM, Chris Webb wrote: > This allows qemu to drop privileges to a dynamically allocated, anonymous UID > and GID without needing a temporary /etc/passwd entry for that UID. The > UID:GID format is very standard, being (for example) the syntax used by > chown(1) for numeric IDs. > @@ -179,6 +179,15 @@ void os_parse_cmd_args(int index, const char *optarg) > case QEMU_OPTION_runas: > user_pwd = getpwnam(optarg); > if (!user_pwd) { > + long uid, gid, tail; > + if (sscanf(optarg, "%ld:%ld%ln", &uid, &gid, &tail) >= 2 > + && !optarg[tail]) { > + user_pwd = g_malloc0(sizeof(user_pwd)); g_new0() please. user_pwd is never freed, not that it matters ,uch. > + user_pwd->pw_uid = uid; > + user_pwd->pw_gid = gid; > + } > + } > + if (!user_pwd) { > fprintf(stderr, "User \"%s\" doesn't exist\n", optarg); > exit(1); > } -- error compiling committee.c: too many arguments to function ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [Qemu-devel] [PATCH 2/2] Allow -runas to be specified as UID:GID as well as USERNAME 2011-11-24 16:46 ` Avi Kivity @ 2011-11-24 16:47 ` Avi Kivity 2011-11-24 16:47 ` Chris Webb 1 sibling, 0 replies; 5+ messages in thread From: Avi Kivity @ 2011-11-24 16:47 UTC (permalink / raw) To: Chris Webb; +Cc: qemu-devel On 11/24/2011 06:46 PM, Avi Kivity wrote: > On 11/24/2011 06:29 PM, Chris Webb wrote: > > This allows qemu to drop privileges to a dynamically allocated, anonymous UID > > and GID without needing a temporary /etc/passwd entry for that UID. The > > UID:GID format is very standard, being (for example) the syntax used by > > chown(1) for numeric IDs. > > > @@ -179,6 +179,15 @@ void os_parse_cmd_args(int index, const char *optarg) > > case QEMU_OPTION_runas: > > user_pwd = getpwnam(optarg); > > if (!user_pwd) { > > + long uid, gid, tail; > > + if (sscanf(optarg, "%ld:%ld%ln", &uid, &gid, &tail) >= 2 > > + && !optarg[tail]) { > > + user_pwd = g_malloc0(sizeof(user_pwd)); > > g_new0() please. In fact this is a bug - you allocate a pointer instead of a struct passwd. -- error compiling committee.c: too many arguments to function ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [Qemu-devel] [PATCH 2/2] Allow -runas to be specified as UID:GID as well as USERNAME 2011-11-24 16:46 ` Avi Kivity 2011-11-24 16:47 ` Avi Kivity @ 2011-11-24 16:47 ` Chris Webb 1 sibling, 0 replies; 5+ messages in thread From: Chris Webb @ 2011-11-24 16:47 UTC (permalink / raw) To: Avi Kivity; +Cc: qemu-devel Avi Kivity <avi@redhat.com> writes: > On 11/24/2011 06:29 PM, Chris Webb wrote: > > This allows qemu to drop privileges to a dynamically allocated, anonymous UID > > and GID without needing a temporary /etc/passwd entry for that UID. The > > UID:GID format is very standard, being (for example) the syntax used by > > chown(1) for numeric IDs. > > > @@ -179,6 +179,15 @@ void os_parse_cmd_args(int index, const char *optarg) > > case QEMU_OPTION_runas: > > user_pwd = getpwnam(optarg); > > if (!user_pwd) { > > + long uid, gid, tail; > > + if (sscanf(optarg, "%ld:%ld%ln", &uid, &gid, &tail) >= 2 > > + && !optarg[tail]) { > > + user_pwd = g_malloc0(sizeof(user_pwd)); > > g_new0() please. user_pwd is never freed, not that it matters ,uch. Okay, will re-spin; thanks! Cheers, Chris. ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2011-11-24 16:47 UTC | newest] Thread overview: 5+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2011-11-24 16:29 [Qemu-devel] [PATCH 1/2] Do not generate spurious error for -runas root Chris Webb 2011-11-24 16:29 ` [Qemu-devel] [PATCH 2/2] Allow -runas to be specified as UID:GID as well as USERNAME Chris Webb 2011-11-24 16:46 ` Avi Kivity 2011-11-24 16:47 ` Avi Kivity 2011-11-24 16:47 ` Chris Webb
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).