authorAndrew Gaffney <agaffney@gentoo.org>2008-01-06 22:01:27 +0000
committerAndrew Gaffney <agaffney@gentoo.org>2008-01-06 22:01:27 +0000
commitca20aa4572c3614393af1a889ffd731caf0764e0 (patch)
tree2502803bf365f522175a18960ac26f6ffee34253 /client
parentadd in exec() call (diff)
check proper variable after forking
add code to setuid() before job execution svn path=/branches/new-fu/; revision=339
Diffstat (limited to 'client')
-rw-r--r--client/Scire/Job.pm17
1 files changed, 15 insertions, 2 deletions
diff --git a/client/Scire/Job.pm b/client/Scire/Job.pm
index 9216116..913e3de 100644
--- a/client/Scire/Job.pm
+++ b/client/Scire/Job.pm
@@ -57,7 +57,7 @@ sub run {
# queue dir in the job directory will do, or maybe it will be configurable
my $pid = fork();
- if($fork) {
+ if($pid) {
# XXX: eventually, we'll move the waitpid() call to another function
# called something like is_running() and use WNOHANG instead of blocking
waitpid($pid, 0);
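Review bot: `fork()` returns undef on failure, and `if($pid)` sends that case into the `else` branch that the next hunk shows. The parent process itself would then redirect its own STDOUT/STDERR, attempt the UID change and go on to the exec() step. Add a guard directly after the `fork()` call, for example `die "fork failed: $!" unless defined $pid;`, or whatever error return the callers of `run` expect. `sub run` starts and ends outside this hunk, so how its callers handle failure is not visible here.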
@@ -68,13 +68,26 @@ sub run {
}
return $exitcode;
} else {
- # XXX: we'll use setuid to drop privileges here
+ # We redirect STDOUT and STDERR first since the new user may not have
+ # write access to the file locations
if(defined $self->{stdout_filename}) {
open STDOUT, '>', $self->{stdout_filename};
}
if(defined $self->{stderr_filename}) {
open STDERR, '>', $self->{stderr_filename};
}
+ # XXX: we might want to check capabilities here instead of UID, but I
+ # have no idea how to do that
+ if($< == 0) {
+ # XXX: we'll use setuid to drop privileges here
+ my $user = getpwnam($self->{run_as});
+ if(defined $user) {
+ setuid($user[2]);
+ } else {
+ # XXX: the specified user does not exist. we should really do
+ # something here
+ }
+ }
# XXX: exec() to run our command. our STDOUT and STDERR have been
# redirected to the files specified, and the exit code is returned
# to the main process when we're done executing. This will be changed
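Review bot: The privilege drop in the `if($< == 0)` branch does not work as written and fails open. `getpwnam()` is called in scalar context, which yields only the UID, and `$user[2]` then indexes an unrelated array `@user`, so `setuid()` never receives the target UID; its return value is also ignored. When the user does not exist, the empty `else` falls through to the exec() step described in the trailing comment and the job runs as root. The group ID and supplementary groups are never dropped either. The sketch below looks up UID and GID in list context, drops groups before the UID, and exits on any failure; it assumes `setuid`/`setgid` come from POSIX, whose import is not visible here, and `sub run` continues outside the hunk.

```perl
if($< == 0) {
    # … unchanged: XXX note about checking capabilities instead of UID …
    my ($uid, $gid) = (getpwnam($self->{run_as}))[2, 3];
    if(!defined $uid) {
        # Fail closed: an unknown run_as user must never reach exec() as root
        print STDERR "run_as user does not exist, refusing to run job\n";
        exit(1);
    }
    # Drop the group list and GID first; after setuid() we no longer may
    $) = "$gid $gid";
    if(!setgid($gid) || !setuid($uid) || $> != $uid) {
        print STDERR "could not drop privileges: $!\n";
        exit(1);
    }
}
```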