Only run "untrusted" programs under sudo
author
Marius Gavrilescu
<marius@ieval.ro>
Tue, 3 Feb 2015 13:40:37 +0000
(15:40 +0200)
committer
Marius Gavrilescu
<marius@ieval.ro>
Tue, 3 Feb 2015 13:40:37 +0000
(15:40 +0200)
gruntmaster-exec
diff --git
a/gruntmaster-exec
b/gruntmaster-exec
index c824b20a76af263223e07db9640b91d9e2dda5fa..25a44d16f48f8635b58868a9f2c9695dab7caf45 100755
(executable)
--- a/
gruntmaster-exec
+++ b/
gruntmaster-exec
@@
-45,7
+45,7
@@
GetOptions(
my $killuser = $ENV{GRUNTMASTER_KILL_USER};
my @sudo;
my $killuser = $ENV{GRUNTMASTER_KILL_USER};
my @sudo;
-@sudo = (shellwords ($ENV{GRUNTMASTER_SUDO}), '--') if $ENV{GRUNTMASTER_SUDO};
+@sudo = (shellwords ($ENV{GRUNTMASTER_SUDO}), '--') if $ENV{GRUNTMASTER_SUDO}
&& $nobody
;
$mlimit = 1_000_000_000 if @sudo; # sudo wants a lot of address space
my $ret = fork // die 'Cannot fork';
$mlimit = 1_000_000_000 if @sudo; # sudo wants a lot of address space
my $ret = fork // die 'Cannot fork';
@@
-94,7
+94,8
@@
if ($ret) {
setrlimit RLIMIT_NPROC, $nproc, $nproc or die $! if $nobody;
POSIX::setgid $nobody ? 65534 : USER;
POSIX::setuid $nobody ? 65534 : GROUP;
setrlimit RLIMIT_NPROC, $nproc, $nproc or die $! if $nobody;
POSIX::setgid $nobody ? 65534 : USER;
POSIX::setuid $nobody ? 65534 : GROUP;
- unshift @ARGV, @sudo if $nobody;
+ unshift @ARGV, @sudo;
+ say STDERR "Execing: ", join ' ', map { "'$_'" } @ARGV;
exec @ARGV;
}
exec @ARGV;
}
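Review bot: The `POSIX::setgid` / `POSIX::setuid` calls directly above the new `unshift @ARGV, @sudo;` ignore their return values, so a failed privilege drop still falls through to `exec @ARGV` under the original identity; on the path that launches untrusted programs this should be fatal, e.g. by appending `or die "setgid: $!"` / `or die "setuid: $!"` the way the `setrlimit` line already does. The constants also look crossed — setgid receives `USER` and setuid receives `GROUP` — though their definitions are outside this page, so confirm before changing. The added `say STDERR "Execing: ", ...` line writes to the stream the exec'd program inherits and quotes arguments with `'$_'` without escaping embedded quotes or newlines, so consider putting it behind a debug switch. The enclosing block opens above the hunk, so which branch of the fork these lines run in is not visible here.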