author | Andrew Gaffney <agaffney@gentoo.org> | 2008-01-06 22:01:27 +0000 |
---|---|---|
committer | Andrew Gaffney <agaffney@gentoo.org> | 2008-01-06 22:01:27 +0000 |
commit | ca20aa4572c3614393af1a889ffd731caf0764e0 (patch) | |
tree | 2502803bf365f522175a18960ac26f6ffee34253 | |
parent | add in exec() call (diff) | |
check proper variable after forking
add code to setuid() before job execution
svn path=/branches/new-fu/; revision=339
-rw-r--r-- | client/Scire/Job.pm | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/client/Scire/Job.pm b/client/Scire/Job.pm index 9216116..913e3de 100644 --- a/client/Scire/Job.pm +++ b/client/Scire/Job.pm @@ -57,7 +57,7 @@ sub run { # queue dir in the job directory will do, or maybe it will be configurable my $pid = fork(); - if($fork) { + if($pid) { # XXX: eventually, we'll move the waitpid() call to another function # called something like is_running() and use WNOHANG instead of blocking waitpid($pid, 0); @@ -68,13 +68,26 @@ sub run { } return $exitcode; } else { - # XXX: we'll use setuid to drop privileges here + # We redirect STDOUT and STDERR first since the new user may not have + # write access to the file locations if(defined $self->{stdout_filename}) { open STDOUT, '>', $self->{stdout_filename}; } if(defined $self->{stderr_filename}) { open STDERR, '>', $self->{stderr_filename}; } + # XXX: we might want to check capabilities here instead of UID, but I + # have no idea how to do that + if($< == 0) { + # XXX: we'll use setuid to drop privileges here + my $user = getpwnam($self->{run_as}); + if(defined $user) { + setuid($user[2]); + } else { + # XXX: the specified user does not exist. we should really do + # something here + } + } # XXX: exec() to run our command. our STDOUT and STDERR have been # redirected to the files specified, and the exit code is returned # to the main process when we're done executing. This will be changed |
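Review bot: The corrected test `if($pid)` in the first hunk still sends a failed fork() down the child path, because fork returns undef on failure and undef is false just like the child's 0. In that case the parent itself would run the `else` branch, redirecting its own STDOUT/STDERR and continuing into the setuid and exec() code. A guard directly after the fork, `die "fork failed: $!" unless defined $pid;`, keeps the two cases apart. `run` begins and ends outside this hunk.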
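Review bot: The privilege drop added in the `if($< == 0)` block of the second hunk fails open: when `getpwnam` finds no account the empty `else` falls through, and the result of `setuid` is never checked, so in both cases the child still reaches the exec() as root. The lookup also looks broken as written: `getpwnam` in scalar context puts only the uid into `$user`, while `setuid($user[2])` indexes a separate array `@user` that the hunk never declares. `setuid` is not a Perl builtin either, so it would have to come from POSIX, whose import is not visible here. The gid and supplementary groups are left at root's values; they have to be changed before the uid, since that is no longer possible afterwards. The `else` branch of `run` continues outside the hunk; a fail-closed version of the added block follows.

```perl
# … unchanged: STDOUT/STDERR redirection …
if($< == 0) {
    # List context: getpwnam returns (name, passwd, uid, gid, ...).
    my (undef, undef, $uid, $gid) = getpwnam($self->{run_as});
    if(!defined $uid) {
        # Fail closed: a missing account must not leave the job running as root.
        print STDERR "run_as user does not exist\n";
        exit(1);
    }
    # Groups first; once the uid is dropped they can no longer be changed.
    $) = "$gid $gid";    # effective gid and supplementary group list
    $( = $gid;           # real gid
    POSIX::setuid($uid);
    # Verify the drop instead of trusting the call.
    if($< != $uid || $> != $uid) {
        print STDERR "could not drop privileges\n";
        exit(1);
    }
}
# … unchanged: exec() of the job command …
```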