From patchwork Thu Nov 24 16:56:01 2011
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Chris Webb <chris@arachsys.com>
X-Patchwork-Id: 127565
Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from lists.gnu.org (lists.gnu.org [140.186.70.17])
	(using TLSv1 with cipher AES256-SHA (256/256 bits))
	(Client did not present a certificate)
	by ozlabs.org (Postfix) with ESMTPS id 4C40CB6F9A
	for <incoming@patchwork.ozlabs.org>;
	Fri, 25 Nov 2011 03:57:57 +1100 (EST)
Received: from localhost ([::1]:42074 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71) (envelope-from
	<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>)
	id 1RTccS-0007Va-Vl
	for incoming@patchwork.ozlabs.org; Thu, 24 Nov 2011 11:57:52 -0500
Received: from eggs.gnu.org ([140.186.70.92]:52814)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <chris@arachsys.com>) id 1RTccB-0006ql-Hn
	for qemu-devel@nongnu.org; Thu, 24 Nov 2011 11:57:36 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <chris@arachsys.com>) id 1RTccA-0004HX-GM
	for qemu-devel@nongnu.org; Thu, 24 Nov 2011 11:57:35 -0500
Received: from alpha.arachsys.com ([91.203.57.7]:53147)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <chris@arachsys.com>) id 1RTccA-0004HT-CC
	for qemu-devel@nongnu.org; Thu, 24 Nov 2011 11:57:34 -0500
Received: from [81.2.114.212] (helo=miranda.arachsys.com)
	by alpha.arachsys.com with esmtpa (Exim 4.72)
	(envelope-from <chris@arachsys.com>)
	id 1RTcc7-0001Vr-Tm; Thu, 24 Nov 2011 16:57:32 +0000
From: Chris Webb <chris@arachsys.com>
To: qemu-devel@nongnu.org
Date: Thu, 24 Nov 2011 16:56:01 +0000
Message-Id: 
 <68ece8994d44ca7cd22b854b7b507c2bdb992f53.1322153761.git.chris@arachsys.com>
X-Mailer: git-send-email 1.7.5.4
In-Reply-To: 
 <a771422c87b3e86d78754478befbc6a3dd63416e.1322153761.git.chris@arachsys.com>
References: 
 <a771422c87b3e86d78754478befbc6a3dd63416e.1322153761.git.chris@arachsys.com>
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
	recognized.
X-Received-From: 91.203.57.7
Cc: Chris Webb <chris@arachsys.com>, Avi Kivity <avi@redhat.com>
Subject: [Qemu-devel] [PATCH v2 2/2] Allow -runas to be specified as UID:GID
	as well as USERNAME
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

This allows qemu to drop privileges to a dynamically allocated, anonymous UID
and GID without needing a temporary /etc/passwd entry for that UID. The
UID:GID format is very standard, being (for example) the syntax used by
chown(1) for numeric IDs.

Signed-off-by: Chris Webb <chris@arachsys.com>
---
 os-posix.c |   16 +++++++++++++++-
 1 files changed, 15 insertions(+), 1 deletions(-)

diff --git a/os-posix.c b/os-posix.c
index 1b2061a..44a841b 100644
--- a/os-posix.c
+++ b/os-posix.c
@@ -179,6 +179,15 @@ void os_parse_cmd_args(int index, const char *optarg)
     case QEMU_OPTION_runas:
         user_pwd = getpwnam(optarg);
         if (!user_pwd) {
+            long uid, gid, tail;
+            if (sscanf(optarg, "%ld:%ld%ln", &uid, &gid, &tail) >= 2
+                  && !optarg[tail]) {
+                user_pwd = g_new0(struct passwd, 1);
+                user_pwd->pw_uid = uid;
+                user_pwd->pw_gid = gid;
+            }
+        }
+        if (!user_pwd) {
             fprintf(stderr, "User \"%s\" doesn't exist\n", optarg);
             exit(1);
         }
@@ -200,7 +209,12 @@ static void change_process_uid(void)
             fprintf(stderr, "Failed to setgid(%d)\n", user_pwd->pw_gid);
             exit(1);
         }
-        if (initgroups(user_pwd->pw_name, user_pwd->pw_gid) < 0) {
+        if (!user_pwd->pw_name) {
+            if (setgroups(0, NULL) < 0) {
+                fprintf(stderr, "Failed to setgroups(0, NULL)\n");
+                exit(1);
+            }
+        } else if (initgroups(user_pwd->pw_name, user_pwd->pw_gid) < 0) {
             fprintf(stderr, "Failed to initgroups(\"%s\", %d)\n",
                     user_pwd->pw_name, user_pwd->pw_gid);
             exit(1);