'[gentoo-portage-dev] [PATCH] fetch: drop privileges early for NFS root_squash (bug 601252)'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       gentoo-portage-dev
Subject:    [gentoo-portage-dev] [PATCH] fetch: drop privileges early for NFS root_squash (bug 601252)
From:       Zac Medico <zmedico () gentoo ! org>
Date:       2020-02-15 22:38:59
Message-ID: 20200215223859.45671-1-zmedico () gentoo ! org
[Download RAW message or body]

Drop privileges prior to fetch function calls, so that
all necessary operations can succeed when DISTDIR is
on NFS with root_squash enabled.

Bug: https://bugs.gentoo.org/601252
Signed-off-by: Zac Medico <zmedico@gentoo.org>
---
 lib/_emerge/EbuildFetcher.py           | 12 +++++++++++-
 lib/portage/package/ebuild/doebuild.py | 20 +++++++++++++++----
 lib/portage/package/ebuild/fetch.py    | 27 ++++++++++++++++++++++++++
 3 files changed, 54 insertions(+), 5 deletions(-)

diff --git a/lib/_emerge/EbuildFetcher.py b/lib/_emerge/EbuildFetcher.py
index ad5109c28..b9dc3a10c 100644
--- a/lib/_emerge/EbuildFetcher.py
+++ b/lib/_emerge/EbuildFetcher.py
@@ -12,7 +12,12 @@ from portage import _unicode_encode
 from portage import _unicode_decode
 from portage.checksum import _hash_filter
 from portage.elog.messages import eerror
-from portage.package.ebuild.fetch import _check_distfile, fetch
+from portage.package.ebuild.fetch import (
+	_check_distfile,
+	_drop_privs_userfetch,
+	_want_userfetch,
+	fetch,
+)
 from portage.util._async.AsyncTaskFuture import AsyncTaskFuture
 from portage.util._async.ForkProcess import ForkProcess
 from portage.util._pty import _create_pty_or_pipe
@@ -229,6 +234,11 @@ class _EbuildFetcherProcess(ForkProcess):
 		self._settings = None
 
 	def _run(self):
+		# For userfetch, drop privileges for the entire fetch call, in
+		# order to handle DISTDIR on NFS with root_squash for bug 601252.
+		if _want_userfetch(self._settings):
+			_drop_privs_userfetch(self._settings)
+
 		# Force consistent color output, in case we are capturing fetch
 		# output through a normal pipe due to unavailability of ptys.
 		portage.output.havecolor = self._settings.get('NOCOLOR') \
diff --git a/lib/portage/package/ebuild/doebuild.py b/lib/portage/package/ebuild/doebuild.py
index 92e9d755c..be4a6019d 100644
--- a/lib/portage/package/ebuild/doebuild.py
+++ b/lib/portage/package/ebuild/doebuild.py
@@ -30,7 +30,7 @@ portage.proxy.lazyimport.lazyimport(globals(),
 	'portage.package.ebuild.config:check_config_instance',
 	'portage.package.ebuild.digestcheck:digestcheck',
 	'portage.package.ebuild.digestgen:digestgen',
-	'portage.package.ebuild.fetch:fetch',
+	'portage.package.ebuild.fetch:_drop_privs_userfetch,_want_userfetch,fetch',
 	'portage.package.ebuild.prepare_build_dirs:_prepare_fake_distdir',
 	'portage.package.ebuild._ipc.QueryCommand:QueryCommand',
 	'portage.dep._slot_operator:evaluate_slot_operator_equal_deps',
@@ -83,6 +83,7 @@ from portage.util.cpuinfo import get_cpu_count
 from portage.util.lafilefixer import rewrite_lafile
 from portage.util.compression_probe import _compressors
 from portage.util.futures import asyncio
+from portage.util.futures.executor.fork import ForkExecutor
 from portage.util.path import first_existing
 from portage.util.socks5 import get_socks5_proxy
 from portage.versions import _pkgsplit
@@ -1082,9 +1083,20 @@ def doebuild(myebuild, mydo, _unused=DeprecationWarning, settings=None, debug=0,
 			dist_digests = None
 			if mf is not None:
 				dist_digests = mf.getTypeDigests("DIST")
-			if not fetch(fetchme, mysettings, listonly=listonly,
-				fetchonly=fetchonly, allow_missing_digests=False,
-				digests=dist_digests):
+
+			def _fetch_subprocess(fetchme, mysettings, listonly, dist_digests):
+				# For userfetch, drop privileges for the entire fetch call, in
+				# order to handle DISTDIR on NFS with root_squash for bug 601252.
+				if _want_userfetch(mysettings):
+					_drop_privs_userfetch(mysettings)
+
+				return fetch(fetchme, mysettings, listonly=listonly,
+					fetchonly=fetchonly, allow_missing_digests=False,
+					digests=dist_digests)
+
+			loop = asyncio._safe_loop()
+			if not loop.run_until_complete(loop.run_in_executor(ForkExecutor(loop=loop),
+				_fetch_subprocess, fetchme, mysettings, listonly, dist_digests)):
 				# Since listonly mode is called by emerge --pretend in an
 				# asynchronous context, spawn_nofetch would trigger event loop
 				# recursion here, therefore delegate execution of pkg_nofetch
diff --git a/lib/portage/package/ebuild/fetch.py b/lib/portage/package/ebuild/fetch.py
index 06118b1a6..6189c0245 100644
--- a/lib/portage/package/ebuild/fetch.py
+++ b/lib/portage/package/ebuild/fetch.py
@@ -69,6 +69,33 @@ _userpriv_spawn_kwargs = (
 def _hide_url_passwd(url):
 	return re.sub(r'//(.+):.+@(.+)', r'//\1:*password*@\2', url)
 
+
+def _want_userfetch(settings):
+	"""
+	Check if it's desirable to drop privileges for userfetch.
+
+	@param settings: portage config
+	@type settings: portage.package.ebuild.config.config
+	@return: True if desirable, False otherwise
+	"""
+	return ('userfetch' in settings.features and
+		portage.data.secpass >= 2 and os.getuid() == 0)
+
+
+def _drop_privs_userfetch(settings):
+	"""
+	Drop privileges for userfetch, and update portage.data.secpass
+	to correspond to the new privilege level.
+	"""
+	spawn_kwargs = dict(_userpriv_spawn_kwargs)
+	_ensure_distdir(settings, settings['DISTDIR'])
+	os.setgid(int(spawn_kwargs['gid']))
+	os.setgroups(spawn_kwargs['groups'])
+	os.setuid(int(spawn_kwargs['uid']))
+	os.umask(spawn_kwargs['umask'])
+	portage.data.secpass = 1
+
+
 def _spawn_fetch(settings, args, **kwargs):
 	"""
 	Spawn a process with appropriate settings for fetching, including
-- 
2.24.1


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic