From ce83cf636183b93b93dca8bac539e4cfc61395c5 Mon Sep 17 00:00:00 2001 From: Remi Gacogne Date: Tue, 8 Nov 2022 15:52:34 +1000 Subject: [PATCH] Provide function for switching user in child processes Add alpm_sandbox_child() function that will be used for switching to a less priviledged user to run child processes. Signed-off-by: Allan McRae
---
 lib/libalpm/alpm.h | 6 ++++++ lib/libalpm/meson.build | 1 + lib/libalpm/sandbox.c | 42 +++++++++++++++++++++++++++++++++++++++++ 3 files changed, 49 insertions(+) create mode 100644 lib/libalpm/sandbox.c
diff --git a/lib/libalpm/alpm.h b/lib/libalpm/alpm.h
index 84597ac4..268f7213 100644
--- a/lib/libalpm/alpm.h
+++ b/lib/libalpm/alpm.h
@@ -2953,6 +2953,12 @@ const char *alpm_version(void);
 * */ int alpm_capabilities(void);
+/** Drop privileges by switching to a different user.
+ * @param sandboxuser the user to switch to
+ * @return 0 on success, -1 on failure
+ */
+int alpm_sandbox_setup_child(const char *sandboxuser);
+
 /* End of libalpm_misc */ /** @} */
diff --git a/lib/libalpm/meson.build b/lib/libalpm/meson.build
index 607e91a3..bd5db9fb 100644
--- a/lib/libalpm/meson.build
+++ b/lib/libalpm/meson.build
@@ -24,6 +24,7 @@ libalpm_sources = files('''
 pkghash.h pkghash.c rawstr.c remove.h remove.c
+ sandbox.c
 signing.c signing.h sync.h sync.c trans.h trans.c
diff --git a/lib/libalpm/sandbox.c b/lib/libalpm/sandbox.c
new file mode 100644
index 00000000..f10e9405
--- /dev/null
+++ b/lib/libalpm/sandbox.c
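Review bot: The new doc comment on `alpm_sandbox_setup_child` leaves out the preconditions and failure semantics that the implementation in sandbox.c actually enforces: the caller must currently be root (real uid 0), and a failure after the gid switch leaves the process partially de-privileged, so a caller that receives -1 must exit rather than carry on. I would extend the comment with `* Must be called as root, in the child after fork(); on failure the process may already have changed gid and must not continue.` The commit message names the function alpm_sandbox_child() while the declaration is alpm_sandbox_setup_child(); the two should be aligned before merge.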
@@ -0,0 +1,42 @@
+/*
+ * sandbox.c
+ *
+ * Copyright (c) 2021-2022 Pacman Development Team
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
+#include
+#include
+#include
+#include
+#include
+
+#include "alpm.h"
+#include "util.h"
+
+int SYMEXPORT alpm_sandbox_setup_child(const char* sandboxuser)
+{
+ struct passwd const *pw = NULL;
+
+ ASSERT(sandboxuser != NULL, return -1);
+ ASSERT(getuid() == 0, return -1);
+ ASSERT((pw = getpwnam(sandboxuser)), return -1);
+ ASSERT(setgid(pw->pw_gid) == 0, return -1);
+ ASSERT(setgroups(0, NULL) == 0, return -1);
+ ASSERT(setuid(pw->pw_uid) == 0, return -1);
+
+ return 0;
+}
+
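Review bot: After the final `setuid` nothing verifies that the drop is irreversible or that the target is not root itself, so a `sandboxuser` entry that resolves to uid 0 returns 0 while the child keeps full privileges; I would add `ASSERT(pw->pw_uid != 0, return -1);` before the `setgid` call and `ASSERT(setuid(0) == -1, return -1);` after the last assert, so that regaining root is treated as a failure. The function name suggests it runs in the forked child, where `getpwnam` (NSS lookups, allocation, internal locks) is not async-signal-safe if the parent is multithreaded; resolving the uid and gid in the parent before fork() and passing them down would avoid that, though the call site is not visible here. The `ASSERT` macro from util.h is not shown, so it is unclear whether a failure is logged or sets an error code; a comment above the asserts stating that a failure after `setgid` leaves the process half-switched and the child must exit rather than continue would help callers handle -1 correctly.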