[tor-commits] [flashproxy/master] Add fac.drop_privs function.

dcf at torproject.org dcf at torproject.org
Sun Jun 2 05:38:59 UTC 2013


commit 80387d661788de565b4c1e40613897d0f59021c3
Author: David Fifield <david at bamsoftware.com>
Date:   Sat Jun 1 20:49:16 2013 -0700

    Add fac.drop_privs function.
---
 facilitator/fac.py |   18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/facilitator/fac.py b/facilitator/fac.py
index d43a522..70d482d 100644
--- a/facilitator/fac.py
+++ b/facilitator/fac.py
@@ -4,6 +4,7 @@ import re
 import socket
 import stat
 import subprocess
+import pwd
 
 # Return true iff the given fd is readable, writable, and executable only by its
 # owner.
@@ -11,6 +12,23 @@ def check_perms(fd):
     mode = os.fstat(fd)[0]
     return (mode & (stat.S_IRWXG | stat.S_IRWXO)) == 0
 
+# Drop privileges by switching ID to that of the given user.
+# http://stackoverflow.com/questions/2699907/dropping-root-permissions-in-python/2699996#2699996
+# https://www.securecoding.cert.org/confluence/display/seccode/POS36-C.+Observe+correct+revocation+order+while+relinquishing+privileges
+# https://www.securecoding.cert.org/confluence/display/seccode/POS37-C.+Ensure+that+privilege+relinquishment+is+successful
+def drop_privs(username):
+    uid = pwd.getpwnam(username).pw_uid
+    gid = pwd.getpwnam(username).pw_gid
+    os.setgroups([])
+    os.setgid(gid)
+    os.setuid(uid)
+    try:
+        os.setuid(0)
+    except OSError:
+        pass
+    else:
+        raise AssertionError("setuid(0) succeeded after attempting to drop privileges")
+
 # A decorator to ignore "broken pipe" errors.
 def catch_epipe(fn):
     def ret(self, *args):
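Review bot: The success check at the end of drop_privs only probes whether uid 0 can be regained; nothing confirms that the group change took effect, although the cited POS37-C asks that each relinquishment be verified. After `os.setuid(uid)` I would add `if os.getgid() != gid or os.getegid() != gid: raise AssertionError("gid was not dropped")`, and likewise compare `os.getuid()` and `os.geteuid()` with `uid`. The header comment should also state that the function is meant to be called as root (without that privilege `os.setgroups([])` would normally raise OSError), that an unknown username raises KeyError from `pwd.getpwnam`, and that a username mapping to uid 0 ends in the AssertionError. `pwd.getpwnam(username)` is looked up twice; binding one lookup to a local would guarantee uid and gid come from the same passwd record.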




