privilege manage (escalation & degradation) when running as root #113

Merged
merged 9 commits into from May 23, 2017

@ghost ghost commented May 23, 2017

#111

Privilege management when running as root. Store the root privilege and degrade; when root privilege is needed, escalate privilege.

With this, sudo xmake install is safe and OK.

Member

waruqi commented May 23, 2017

Great! 👍

@waruqi waruqi merged commit ffa5787 into xmake-io:dev May 23, 2017
Member

waruqi commented May 23, 2017

@titansnow I do not understand why it is safe to do this, and now it seems that sudo xmake can always be passed.

Author

ghost commented May 23, 2017

@waruqi When running as root, the privilege module will store the root privilege. That is:

sudo xmake
uid: 0
gid: 0

privilege store it
uid: 1000 (for example)
gid: 1000

some actions need privilege, get
uid: 0
gid: 0

The way is:

  1. check that xmake is running as root
  2. set uid & gid to a normal user.
    uid: 1000
    euid: 1000
    saved-uid: 0

  3. when spawning a process, the saved-uid will be cleared, so that it's safe, with no root privilege
    uid: 1000
    euid: 1000
    saved-uid: 1000

  4. when calling privilege.get(), set to root. This is possible because of the saved-uid
    uid: 0
    euid: 0
    saved-uid: 0

An example

$ sudo xmake l
> os.exec('id -u')
1000
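
The store/get sequence from the comment above, as an added C example for Linux. It is not xmake's code: the names priv_store, priv_get and saved_uid are hypothetical, and 1000 is the example id used in the thread.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE /* setresuid/getresuid are extensions, not plain POSIX */
#endif
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Redeclared so the block still builds if _GNU_SOURCE took effect too late. */
int setresuid(uid_t, uid_t, uid_t);
int setresgid(gid_t, gid_t, gid_t);
int getresuid(uid_t *, uid_t *, uid_t *);

/* Saved set-user-ID of this process, or (uid_t)-1 on error. */
uid_t saved_uid(void) {
    uid_t r, e, s;
    return getresuid(&r, &e, &s) == 0 ? s : (uid_t)-1;
}

/* "store": park root in the saved IDs and run as uid/gid.
 * Returns 1 on success, 0 if not root (nothing to store), -1 on failure.
 * execve() copies the effective uid into the saved uid, so a program spawned
 * after this call has no saved root to return to.
 * Supplementary groups are left alone; a full drop also resets them. */
int priv_store(uid_t uid, gid_t gid) {
    if (geteuid() != 0) return 0;
    /* gid first: changing it needs the root euid we are about to give up */
    if (setresgid(gid, gid, 0) != 0) return -1;
    if (setresuid(uid, uid, 0) != 0) return -1;
    /* verify the result instead of trusting the return codes alone */
    return (getuid() == uid && geteuid() == uid && saved_uid() == 0) ? 1 : -1;
}

/* "get": only possible while the saved uid is still 0. */
int priv_get(void) {
    if (saved_uid() != 0) return -1;
    if (setresuid(0, 0, 0) != 0) return -1; /* uid first, then gid */
    if (setresgid(0, 0, 0) != 0) return -1;
    return geteuid() == 0 ? 0 : -1;
}

int main(void) {
    int stored = priv_store(1000, 1000); /* 1000: the thread's example id */
    printf("store=%d euid=%d saved=%d\n", stored, (int)geteuid(), (int)saved_uid());
    int got = priv_get();
    printf("get=%d euid=%d\n", got, (int)geteuid());
    return 0;
}
```

Run without root, priv_store returns 0 and priv_get returns -1, because there is no saved root id to return to.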

Member

waruqi commented May 23, 2017

@titansnow This means that when the store privilege (uid, gid 1000), some operations that require root (uid, gid 0) will still fail. So it's safe when running sudo xmake. Is that right?

Author

ghost commented May 23, 2017

@waruqi The script inside the xmake process could use privilege.get() to get root privilege. But the processes xmake spawns after privilege is stored could not get root privilege. They run as a normal user.

Author

ghost commented May 23, 2017

@waruqi When root privilege is needed, for example for installation, call privilege.get(); after this, xmake and spawned processes will have root privilege.

Member

waruqi commented May 23, 2017

Got it! It's great! 👍 ❤️

Author

ghost commented May 23, 2017

  1. launch xmake by sudo xmake -> has root privilege
  2. store it -> doesn't have root privilege
  3. spawn process like gcc -> doesn't have root privilege, cannot get root privilege
  4. do installation
  5. privilege.get() -> has root privilege
  6. spawn process for installation -> has root privilege

Member

waruqi commented May 23, 2017

I understand it. Thanks! 😄

waruqi added a commit that referenced this pull request May 23, 2017
privilege manage (escalation & degradation) when running as root
(cherry picked from commit ffa5787)
@ghost ghost deleted the root branch May 23, 2017 03:19
@waruqi waruqi added this to the v2.1.5 milestone Jun 3, 2017