Provide function for switching user in child processes

Add alpm_sandbox_child() function that will be used for switching to a less priviledged user to run child processes. Signed-off-by: Allan McRae <allan@archlinux.org>
2022-11-08 15:52:34 +10:00 · 2022-11-08 15:52:34 +10:00 · ce83cf6361
commit ce83cf6361
parent 56eb87287e
3 changed files with 49 additions and 0 deletions
--- a/lib/libalpm/alpm.h
+++ b/lib/libalpm/alpm.h
@ -2953,6 +2953,12 @@ const char *alpm_version(void);
 * */
 int alpm_capabilities(void);

+/** Drop privileges by switching to a different user.
+ * @param sandboxuser the user to switch to
+ * @return 0 on success, -1 on failure
+ */
+int alpm_sandbox_setup_child(const char *sandboxuser);
+
 /* End of libalpm_misc */
 /** @} */

--- a/lib/libalpm/meson.build
+++ b/lib/libalpm/meson.build
@ -24,6 +24,7 @@ libalpm_sources = files('''
  pkghash.h pkghash.c
  rawstr.c
  remove.h remove.c
+  sandbox.c
  signing.c signing.h
  sync.h sync.c
  trans.h trans.c
--- a/lib/libalpm/sandbox.c
+++ b/lib/libalpm/sandbox.c
@ -0,0 +1,42 @@
+/*
+ *  sandbox.c
+ *
+ *  Copyright (c) 2021-2022 Pacman Development Team <pacman-dev@lists.archlinux.org>
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <errno.h>
+#include <grp.h>
+#include <pwd.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+#include "alpm.h"
+#include "util.h"
+
+int SYMEXPORT alpm_sandbox_setup_child(const char* sandboxuser)
+{
+	struct passwd const *pw = NULL;
+
+	ASSERT(sandboxuser != NULL, return -1);
+	ASSERT(getuid() == 0, return -1);
+	ASSERT((pw = getpwnam(sandboxuser)), return -1);
+	ASSERT(setgid(pw->pw_gid) == 0, return -1);
+	ASSERT(setgroups(0, NULL) == 0, return -1);
+	ASSERT(setuid(pw->pw_uid) == 0, return -1);
+
+	return 0;
+}
+