New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

privilege manage (escalation & degradation) when running as root #113

Merged
merged 9 commits into from May 23, 2017

Conversation

Projects
None yet
2 participants
@TitanSnow
Contributor

TitanSnow commented May 23, 2017

#111

Privilege manage when running as root. Store the root privilege and degrade, when root privilege is needed, escalate privilege

With this, sudo xmake install is safe and ok

@waruqi

This comment has been minimized.

Show comment
Hide comment
@waruqi

waruqi May 23, 2017

Member

Great! 👍

Member

waruqi commented May 23, 2017

Great! 👍

@waruqi waruqi merged commit ffa5787 into tboox:dev May 23, 2017

1 of 2 checks passed

continuous-integration/appveyor/pr AppVeyor build failed
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
@waruqi

This comment has been minimized.

Show comment
Hide comment
@waruqi

waruqi May 23, 2017

Member

@TitanSnow I do not understand why it is safe to do this, and now it seems that sudo xmake can always be passed.

Member

waruqi commented May 23, 2017

@TitanSnow I do not understand why it is safe to do this, and now it seems that sudo xmake can always be passed.

@TitanSnow

This comment has been minimized.

Show comment
Hide comment
@TitanSnow

TitanSnow May 23, 2017

Contributor

@waruqi when running as root, module privilege will store the root privilege. That is

sudo xmake
uid: 0
gid: 0

privilege store it
uid: 1000 (for example)
gid: 1000

some actions need privilege, get
uid: 0
gid: 0

The way is

  1. check that xmake is running as root
  2. set uid & gid to normal user.
    uid: 1000
    euid: 1000
    saved-uid: 0
    
  3. when spawn a process, the saved-uid will clear so that it's safe with no root privilege
    uid: 1000
    euid: 1000
    saved-uid: 1000
    
  4. when call privilege.get(), set to root. Be able because saved-uid
    uid: 0
    euid: 0
    saved-uid: 0
    

An example

$ sudo xmake l
> os.exec('id -u')
1000
Contributor

TitanSnow commented May 23, 2017

@waruqi when running as root, module privilege will store the root privilege. That is

sudo xmake
uid: 0
gid: 0

privilege store it
uid: 1000 (for example)
gid: 1000

some actions need privilege, get
uid: 0
gid: 0

The way is

  1. check that xmake is running as root
  2. set uid & gid to normal user.
    uid: 1000
    euid: 1000
    saved-uid: 0
    
  3. when spawn a process, the saved-uid will clear so that it's safe with no root privilege
    uid: 1000
    euid: 1000
    saved-uid: 1000
    
  4. when call privilege.get(), set to root. Be able because saved-uid
    uid: 0
    euid: 0
    saved-uid: 0
    

An example

$ sudo xmake l
> os.exec('id -u')
1000
@waruqi

This comment has been minimized.

Show comment
Hide comment
@waruqi

waruqi May 23, 2017

Member

@TitanSnow This means that when the store privilege (uid, gid 1000), some operations that require root(uid,gid 0) will still fail. So it's safe when run sudo xmake. Is that right?

Member

waruqi commented May 23, 2017

@TitanSnow This means that when the store privilege (uid, gid 1000), some operations that require root(uid,gid 0) will still fail. So it's safe when run sudo xmake. Is that right?

@TitanSnow

This comment has been minimized.

Show comment
Hide comment
@TitanSnow

TitanSnow May 23, 2017

Contributor

@waruqi The script inside xmake process could use privilege.get() to get root privilege. But the processes xmake spawns after privilege is stored could not get root privilege. They run as normal user

Contributor

TitanSnow commented May 23, 2017

@waruqi The script inside xmake process could use privilege.get() to get root privilege. But the processes xmake spawns after privilege is stored could not get root privilege. They run as normal user

@TitanSnow

This comment has been minimized.

Show comment
Hide comment
@TitanSnow

TitanSnow May 23, 2017

Contributor

@waruqi When root privilege is needed, for example installation, call privilege.get() then after this xmake and spawned process will have root privilege

Contributor

TitanSnow commented May 23, 2017

@waruqi When root privilege is needed, for example installation, call privilege.get() then after this xmake and spawned process will have root privilege

@waruqi

This comment has been minimized.

Show comment
Hide comment
@waruqi

waruqi May 23, 2017

Member

Got it! It's great! 👍 ❤️

Member

waruqi commented May 23, 2017

Got it! It's great! 👍 ❤️

@TitanSnow

This comment has been minimized.

Show comment
Hide comment
@TitanSnow

TitanSnow May 23, 2017

Contributor
  1. launch xmake by sudo xmake -> has root privilege
  2. store it -> doesn't has root privilege
  3. spawn process like gcc -> doesn't has root privilege, cannot get root privilege
  4. do installation
  5. privilege.get() -> has root privilege
  6. spawn process for installation -> has root privilege
Contributor

TitanSnow commented May 23, 2017

  1. launch xmake by sudo xmake -> has root privilege
  2. store it -> doesn't has root privilege
  3. spawn process like gcc -> doesn't has root privilege, cannot get root privilege
  4. do installation
  5. privilege.get() -> has root privilege
  6. spawn process for installation -> has root privilege
@waruqi

This comment has been minimized.

Show comment
Hide comment
@waruqi

waruqi May 23, 2017

Member

I understand it. Thanks! 😄

Member

waruqi commented May 23, 2017

I understand it. Thanks! 😄

waruqi added a commit that referenced this pull request May 23, 2017

Merge pull request #113 from TitanSnow/root
privilege manage (escalation & degradation) when running as root
(cherry picked from commit ffa5787)

@TitanSnow TitanSnow deleted the TitanSnow:root branch May 23, 2017

@waruqi waruqi added this to the v2.1.5 milestone Jun 3, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment