Diffstat (limited to 'mdbp')
-rw-r--r-- | mdbp/mmdebstrap.py | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/mdbp/mmdebstrap.py b/mdbp/mmdebstrap.py
index 9858b65..cbb52a9 100644
--- a/mdbp/mmdebstrap.py
+++ b/mdbp/mmdebstrap.py
@@ -9,7 +9,6 @@ import ctypes.util
 import functools
 import os
 import pathlib
-import pwd
 import shlex
 import shutil
 import subprocess
@@ -27,6 +26,18 @@ def unshare_network() -> None:
 if libc.unshare(0x40000000) < 0:
 raise OSError("unshare() failed", ctypes.get_errno())
 
+def set_uids(username):
+ """Look up the given user in /etc/passwd (e.g. after chroot) and drop
+ privileges to this user."""
+ with open("/etc/passwd", "r") as f:
+ for line in f:
+ parts = line.strip().split(":")
+ if parts[0] == username:
+ os.setgid(int(parts[3]))
+ os.setuid(int(parts[2]))
+ return
+ raise OSError("user %s not found in /etc/passwd" % username)
+
 def priv_drop(cmd: typing.List[str], *,
 chroot: typing.Optional[pathlib.Path] = None,
 chdir: typing.Union[None, str, pathlib.PurePath] = None,
@@ -51,9 +62,7 @@ def priv_drop(cmd: typing.List[str], *,
 if chroot or chdir:
 os.chdir(chdir or "/")
 if setuid:
- pwentry = pwd.getpwnam(setuid)
- os.setgid(pwentry.pw_gid)
- os.setuid(pwentry.pw_uid)
+ set_uids(setuid)
 subprocess.check_call(cmd, preexec_fn=preexec_fn, env=env)
 
 def native_architecture() -> str: |
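Review bot: `set_uids` changes the gid and uid but leaves the supplementary group list of the calling process in place, so the command keeps whatever groups the parent held (for a root parent, typically root's groups). Calling `os.setgroups([])` before `os.setgid(int(parts[3]))` would complete the drop; whether setgroups is permitted in the namespace this runs in is not visible from the hunk, so that needs checking. A malformed matching line (fewer than four fields or a non-numeric id) currently surfaces as IndexError or ValueError rather than the OSError raised for a missing user. The new function also lacks the type annotations its neighbours carry, e.g. `def set_uids(username: str) -> None:`.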
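Review bot: In `priv_drop`, `set_uids(setuid)` is called whether or not `chroot` was given, so without a chroot the lookup now reads only the host's /etc/passwd and no longer goes through NSS as `pwd.getpwnam` did; accounts defined only in LDAP, sssd or similar would stop resolving. If that is intended, a comment at the call such as `# resolved from /etc/passwd of the current root, not via NSS` would record it. The call appears to sit inside the preexec_fn passed to `subprocess.check_call` (indentation is not recoverable here, and the function starts outside the hunk); if so, the OSError message from `set_uids` will not reach the caller, since subprocess reports any preexec_fn exception as a generic SubprocessError.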