commit 80387d661788de565b4c1e40613897d0f59021c3 Author: David Fifield david@bamsoftware.com Date: Sat Jun 1 20:49:16 2013 -0700

Add fac.drop_privs function. --- facilitator/fac.py | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+)

diff --git a/facilitator/fac.py b/facilitator/fac.py index d43a522..70d482d 100644 --- a/facilitator/fac.py +++ b/facilitator/fac.py @@ -4,6 +4,7 @@ import re import socket import stat import subprocess +import pwd

# Return true iff the given fd is readable, writable, and executable only by its # owner. @@ -11,6 +12,23 @@ def check_perms(fd): mode = os.fstat(fd)[0] return (mode & (stat.S_IRWXG | stat.S_IRWXO)) == 0

+# Drop privileges by switching ID to that of the given user. +# http://stackoverflow.com/questions/2699907/dropping-root-permissions-in-pyth... +# https://www.securecoding.cert.org/confluence/display/seccode/POS36-C.+Observ... +# https://www.securecoding.cert.org/confluence/display/seccode/POS37-C.+Ensure... +def drop_privs(username): + uid = pwd.getpwnam(username).pw_uid + gid = pwd.getpwnam(username).pw_gid + os.setgroups([]) + os.setgid(gid) + os.setuid(uid) + try: + os.setuid(0) + except OSError: + pass + else: + raise AssertionError("setuid(0) succeeded after attempting to drop privileges") + # A decorator to ignore "broken pipe" errors. def catch_epipe(fn): def ret(self, *args):