Exemple #1
0
def drop_privileges_save():
    """Drop the real UID/GID as well, and hide them in saved IDs."""
    # At the moment, we only know how to handle this when effective
    # privileges were already dropped.
    assert _dropped_privileges is not None and _dropped_privileges > 0
    if 'SUDO_GID' in os.environ:
        gid = int(os.environ['SUDO_GID'])
        osextras.setresgid(gid, gid, 0)
    if 'SUDO_UID' in os.environ:
        uid = int(os.environ['SUDO_UID'])
        osextras.setresuid(uid, uid, 0)
Exemple #2
0
def drop_privileges_save():
    """Drop the real UID/GID as well, and hide them in saved IDs."""
    # At the moment, we only know how to handle this when effective
    # privileges were already dropped.
    assert _dropped_privileges is not None and _dropped_privileges > 0
    if 'SUDO_GID' in os.environ:
        gid = int(os.environ['SUDO_GID'])
        osextras.setresgid(gid, gid, 0)
    if 'SUDO_UID' in os.environ:
        uid = int(os.environ['SUDO_UID'])
        osextras.setresuid(uid, uid, 0)
Exemple #3
0
def drop_privileges_save():
    """Drop the real UID/GID as well, and hide them in saved IDs."""
    # At the moment, we only know how to handle this when effective
    # privileges were already dropped.
    assert _dropped_privileges is not None and _dropped_privileges > 0
    uid = os.environ.get('SUDO_UID')
    gid = os.environ.get('SUDO_GID')
    if uid is not None:
        uid = int(uid)
        set_groups_for_uid(uid)
    if gid is not None:
        gid = int(gid)
        osextras.setresgid(gid, gid, 0)
    if uid is not None:
        osextras.setresuid(uid, uid, 0)
Exemple #4
0
def regain_privileges_save():
    """Recover our real UID/GID after calling drop_privileges_save."""
    assert _dropped_privileges is not None and _dropped_privileges > 0
    osextras.setresuid(0, -1, 0)
    osextras.setresgid(0, -1, 0)
Exemple #5
0
def regain_privileges_save():
    """Recover our real UID/GID after calling drop_privileges_save."""
    assert _dropped_privileges is not None and _dropped_privileges > 0
    osextras.setresuid(0, 0, 0)
    osextras.setresgid(0, 0, 0)
    os.setgroups([])