Posted to commits@uima.apache.org by ea...@apache.org on 2017/07/21 16:02:20 UTC

svn commit: r1802610 - /uima/uima-ducc/trunk/uima-ducc-spawn/src/ducc_ling.c

Author: eae
Date: Fri Jul 21 16:02:20 2017
New Revision: 1802610

URL: http://svn.apache.org/viewvc?rev=1802610&view=rev
Log:
UIMA-5405 Simplify alternate "ducc" user handling and further restrict target uid

Modified:
    uima/uima-ducc/trunk/uima-ducc-spawn/src/ducc_ling.c

Modified: uima/uima-ducc/trunk/uima-ducc-spawn/src/ducc_ling.c
URL: http://svn.apache.org/viewvc/uima/uima-ducc/trunk/uima-ducc-spawn/src/ducc_ling.c?rev=1802610&r1=1802609&r2=1802610&view=diff
==============================================================================
--- uima/uima-ducc/trunk/uima-ducc-spawn/src/ducc_ling.c (original)
+++ uima/uima-ducc/trunk/uima-ducc-spawn/src/ducc_ling.c Fri Jul 21 16:02:20 2017
@@ -81,9 +81,16 @@
  * 2015-11-19 2.1.0 Create 2 streams if console port ends with "?splitstreams".  Add timestamp to log. bll
  * 2017-03-08 2.2.1 Set umask before creating logs so permissions of log directories are set correctly. bll
  * 2017-04-27 2.2.1 DUCC should allow the "ducc" user to be other than exactly "ducc".  lrd bll
+ * 2017-07-21 2.2.1 Do not allow ducc_ling to run as any system user, e.g. uid < 500. eae
  */
 
 /**
+ * Minimum target uid that ducc_ling will try to switch to
+ */
+#define MIN_UID 500
+
+
+/**
  * Numbering - every message is numbered to facilitate filtering and identification in
  *             logs and messages.
  *
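Review bot: `MIN_UID` is hard-coded to 500, but on distributions whose login.defs sets UID_MIN to 1000, the accounts in 500-999 are system accounts and would still be accepted as switch targets. Making the floor overridable at build time keeps the current default while letting such sites raise it: `#ifndef MIN_UID` / `#define MIN_UID 500` / `#endif`. The doc comment could also state that the value is a lower bound on the target uid and is meant to match the site's first regular-user uid.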
@@ -673,12 +680,6 @@ int main(int argc, char **argv, char **e
         exit(1);
     }
 
-    // Check if ducc_ling is able to switch ids i.e. is running as root
-    if (geteuid() == 0) {
-      switch_ids = 1;
-      log_stdout("304 effective uid is root so can switch ids\n");
-    }
-    
     if ( getenv("DUCC_CONSOLE_LISTENER") != NULL ) {
         log_stdout("302 Redirecting console into socket %s.\n", getenv("DUCC_CONSOLE_LISTENER"));
         redirect = 1;
@@ -690,43 +691,32 @@ int main(int argc, char **argv, char **e
     // do this here before redirection stdout / stderr
     log_stdout("0 %d\n", getpid());                                         // code 0 means we passed tests and are about to dup I/O
 
-	// get target user number
-	pwd = getpwnam(userid);
-	if (pwd != NULL) {
-		uid_user = pwd->pw_uid;
-		//log_stdout("570 USER is %s (%d).\n", pwd->pw_name, uid_user);
-	}
-	
-    // get DUCC user number
+    //	fetch installed "ducc" user passwd structure
     pwd = getpwnam(UID);
-	if (pwd != NULL) {
-		uid_ducc = pwd->pw_uid;
-		//log_stdout("580 DUCC is %s (%d).\n", pwd->pw_name, uid_ducc);
-	}
-	if (uid_ducc <= 0) {
-	    log_stderr("910 The ducc_ling owner \"%s\" does not exist???\n", UID);
-		exit(1);
-	}
-	
-	if (switch_ids == 0 && uid_user != uid_caller) {
-	    log_stdout("700 ducc_ling is not setuid, not switching to %s\n", userid);
-	}
 
-    // Don't switch if the caller is not the DUCC owner/administrator
-    if (switch_ids == 1) {
-        if ( uid_ducc != uid_caller ) {
-            log_stderr("700 Caller is not the ducc_ling owner %s (%d), permissions should not allow this!\n", UID, uid_ducc);
-            exit(1);
+    if ( pwd == NULL ) {
+        pwd = getpwuid(getuid());
+#ifdef __APPLE__
+        // Seems theres a bug in getpwuid and nobody seems to have a good answer.  On mac we don't
+        // care anyway so we ignore it (because mac is supported for test only).
+        if ( pwd == NULL ) {
+		  log_stdout("600 No \"%s\" user found and I can't find my own name.  Running as id %d", UID, getuid());
+        } else {
+		  log_stdout("600 No \"%s\" user found, running instead as %s.\n", UID, pwd->pw_name);
         }
+#else
+        log_stdout("600 No \"%s\" user found, running instead as %s.\n", UID, pwd->pw_name);
+#endif
+    } else if ( pwd->pw_uid != getuid() ) {
+	  log_stdout("700 Caller is not %s (%d), not trying to switch ids ... \n", UID, pwd->pw_uid);
+        pwd = getpwuid(getuid());
+        log_stdout("800 Running instead as %s.\n", pwd->pw_name);
+    } else {
+        switch_ids = 1;
     }
 
     //
-    //	fetch target user's passwd structure and try switch identities
-    //  assert:
-    //    - ducc_ling is setuid 
-    //    - caller is the "ducc-user" ... the one that compiled ducc_ling
-    //  check that:
-    //    - target user exists and is not root 
+    //	fetch target user's passwd structure and try switch identities.
     //
     if ( switch_ids ) {
 
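Review bot: On non-Apple builds the result of `pwd = getpwuid(getuid());` is dereferenced without a NULL check, both in the `#else` branch (`pwd->pw_name` in the 600 message) and in the `else if` branch that logs the 800 message. getpwuid() returns NULL when the caller's uid has no passwd entry, so this setuid helper would dereference NULL on that path. The NULL-checked form already written for `__APPLE__` could be used on every platform by dropping the `#ifdef`/`#else`/`#endif`, and the 800 path needs the same guard, e.g. `if ( pwd != NULL ) log_stdout("800 Running instead as %s.\n", pwd->pw_name);`. Separately, `switch_ids = 1` no longer depends on `geteuid() == 0` (that test is removed in the previous hunk), so whether a non-setuid install is still handled cleanly depends on the error handling further down in main(), which is outside this hunk.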
@@ -737,8 +727,8 @@ int main(int argc, char **argv, char **e
         }
 
         // don't allow to change uid to root.
-        if ( pwd->pw_uid == 0 ) {
-            log_stderr("900 setuid to root not allowed. Exiting.\n");
+        if ( pwd->pw_uid < MIN_UID ) {
+		  log_stderr("900 setuid < %d not allowed. Exiting.\n", MIN_UID);
             exit(1);
         }