Merge remote-tracking branch 'origin/master' into flakes

2025-06-30 07:33:16 +02:00 · 2019-05-15 20:51:29 +02:00 · 2019-05-15 20:51:29 +02:00 · 0f5032c5a4
commit 0f5032c5a4
parent 38b87dea62 8f6c72faee
12 changed files with 400 additions and 47 deletions
--- a/src/libutil/util.cc
+++ b/src/libutil/util.cc
@ -16,6 +16,7 @@
 #include <future>

 #include <fcntl.h>
+#include <grp.h>
 #include <limits.h>
 #include <pwd.h>
 #include <sys/ioctl.h>
@ -1038,6 +1039,16 @@ void runProgram2(const RunOptions & options)
        if (source && dup2(in.readSide.get(), STDIN_FILENO) == -1)
            throw SysError("dupping stdin");

+        if (options.chdir && chdir((*options.chdir).c_str()) == -1)
+            throw SysError("chdir failed");
+        if (options.gid && setgid(*options.gid) == -1)
+            throw SysError("setgid failed");
+        /* Drop all other groups if we're setgid. */
+        if (options.gid && setgroups(0, 0) == -1)
+            throw SysError("setgroups failed");
+        if (options.uid && setuid(*options.uid) == -1)
+            throw SysError("setuid failed");
+
        Strings args_(options.args);
        args_.push_front(options.program);

--- a/src/libutil/util.hh
+++ b/src/libutil/util.hh
@ -271,6 +271,9 @@ string runProgram(Path program, bool searchPath = false,

 struct RunOptions
 {
+    std::optional<uid_t> uid;
+    std::optional<uid_t> gid;
+    std::optional<Path> chdir;
    Path program;
    bool searchPath = true;
    Strings args;
@ -427,6 +430,7 @@ void ignoreException();
 /* Some ANSI escape sequences. */
 #define ANSI_NORMAL "\e[0m"
 #define ANSI_BOLD "\e[1m"
+#define ANSI_FAINT "\e[2m"
 #define ANSI_RED "\e[31;1m"
 #define ANSI_GREEN "\e[32;1m"
 #define ANSI_BLUE "\e[34;1m"