lib/glibc
1
0
Fork 0
mirror of https://sourceware.org/git/glibc.git synced 2025-12-03 12:11:17 +03:00
Code Activity
Files
b5b67ecec1de9c9425a96cb8a7699b104c106de7
glibc/support/support_become_root.c
Paul Eggert 5a82c74822 Prefer https to http for gnu.org and fsf.org URLs 
Also, change sources.redhat.com to sourceware.org.
This patch was automatically generated by running the following shell
script, which uses GNU sed, and which avoids modifying files imported
from upstream:

sed -ri '
  s,(http|ftp)(://(.*\.)?(gnu|fsf|sourceware)\.org($|[^.]|\.[^a-z])),https\2,g
  s,(http|ftp)(://(.*\.)?)sources\.redhat\.com($|[^.]|\.[^a-z]),https\2sourceware.org\4,g
' \
  $(find $(git ls-files) -prune -type f \
      ! -name '*.po' \
      ! -name 'ChangeLog*' \
      ! -path COPYING ! -path COPYING.LIB \
      ! -path manual/fdl-1.3.texi ! -path manual/lgpl-2.1.texi \
      ! -path manual/texinfo.tex ! -path scripts/config.guess \
      ! -path scripts/config.sub ! -path scripts/install-sh \
      ! -path scripts/mkinstalldirs ! -path scripts/move-if-change \
      ! -path INSTALL ! -path  locale/programs/charmap-kw.h \
      ! -path po/libc.pot ! -path sysdeps/gnu/errlist.c \
      ! '(' -name configure \
            -execdir test -f configure.ac -o -f configure.in ';' ')' \
      ! '(' -name preconfigure \
            -execdir test -f preconfigure.ac ';' ')' \
      -print)

and then by running 'make dist-prepare' to regenerate files built
from the altered files, and then executing the following to cleanup:

  chmod a+x sysdeps/unix/sysv/linux/riscv/configure
  # Omit irrelevant whitespace and comment-only changes,
  # perhaps from a slightly-different Autoconf version.
  git checkout -f \
    sysdeps/csky/configure \
    sysdeps/hppa/configure \
    sysdeps/riscv/configure \
    sysdeps/unix/sysv/linux/csky/configure
  # Omit changes that caused a pre-commit check to fail like this:
  # remote: *** error: sysdeps/powerpc/powerpc64/ppc-mcount.S: trailing lines
  git checkout -f \
    sysdeps/powerpc/powerpc64/ppc-mcount.S \
    sysdeps/unix/sysv/linux/s390/s390-64/syscall.S
  # Omit change that caused a pre-commit check to fail like this:
  # remote: *** error: sysdeps/sparc/sparc64/multiarch/memcpy-ultra3.S: last line does not end in newline
  git checkout -f sysdeps/sparc/sparc64/multiarch/memcpy-ultra3.S
2019-09-07 02:43:31 -07:00

103 lines
3.2 KiB
C
Raw Blame History

/* Acquire root privileges.
Copyright (C) 2016-2019 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
The GNU C Library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with the GNU C Library; if not, see
<https://www.gnu.org/licenses/>. */
#include <support/namespace.h>
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <support/check.h>
#include <support/xunistd.h>
#include <unistd.h>
#ifdef CLONE_NEWUSER
/* The necessary steps to allow file creation in user namespaces. */
static void
setup_uid_gid_mapping (uid_t original_uid, gid_t original_gid)
{
int fd = open64 ("/proc/self/uid_map", O_WRONLY);
if (fd < 0)
{
printf ("warning: could not open /proc/self/uid_map: %m\n"
"warning: file creation may not be possible\n");
return;
}
/* We map our original UID to the same UID in the container so we
own our own files normally. Without that, file creation could
fail with EOVERFLOW (sic!). */
char buf[100];
int ret = snprintf (buf, sizeof (buf), "%llu %llu 1\n",
(unsigned long long) original_uid,
(unsigned long long) original_uid);
TEST_VERIFY_EXIT (ret < sizeof (buf));
xwrite (fd, buf, ret);
xclose (fd);
/* Linux 3.19 introduced the setgroups file. We need write "deny" to this
file otherwise writing to gid_map will fail with EPERM. */
fd = open64 ("/proc/self/setgroups", O_WRONLY, 0);
if (fd < 0)
{
if (errno != ENOENT)
FAIL_EXIT1 ("open64 (\"/proc/self/setgroups\", 0x%x, 0%o): %m",
O_WRONLY, 0);
/* This kernel doesn't expose the setgroups file so simply move on. */
}
else
{
xwrite (fd, "deny\n", strlen ("deny\n"));
xclose (fd);
}
/* Now map our own GID, like we did for the user ID. */
fd = xopen ("/proc/self/gid_map", O_WRONLY, 0);
ret = snprintf (buf, sizeof (buf), "%llu %llu 1\n",
(unsigned long long) original_gid,
(unsigned long long) original_gid);
TEST_VERIFY_EXIT (ret < sizeof (buf));
xwrite (fd, buf, ret);
xclose (fd);
}
#endif /* CLONE_NEWUSER */
bool
support_become_root (void)
{
#ifdef CLONE_NEWUSER
uid_t original_uid = getuid ();
gid_t original_gid = getgid ();
if (unshare (CLONE_NEWUSER | CLONE_NEWNS) == 0)
{
setup_uid_gid_mapping (original_uid, original_gid);
/* Even if we do not have UID zero, we have extended privileges at
this point. */
return true;
}
#endif
if (setuid (0) != 0)
{
printf ("warning: could not become root outside namespace (%m)\n");
return false;
}
return true;
}
View Git Blame Copy Permalink