hardcoresushi/libgocryptfs
1
0
Fork 0
Code Issues Pull Requests Releases Activity

syscallcompat: use early return in asUser()

Browse Source
This commit is contained in:
Jakob Unterwurzacher 2021-08-19 09:01:58 +02:00
parent be2bd4eec7
commit 02c91d73ce
1 changed files with 34 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
internal/syscallcompat/sys_linux.go
View File

@ -91,38 +91,43 @@ func getSupplementaryGroups(pid uint32) (gids []int) {
return nil return nil
} }
// asUser runs the function `f` under the effective uid, gid, groups specified // asUser runs `f()` under the effective uid, gid, groups specified
// in `context`. // in `context`.
//
// If `context` is nil, `f()` is executed directly without switching user id.
func asUser(f func() (int, error), context *fuse.Context) (int, error) { func asUser(f func() (int, error), context *fuse.Context) (int, error) {
if context != nil { if context == nil {
runtime.LockOSThread() return f()
defer runtime.UnlockOSThread()
// Since go1.16beta1 (commit d1b1145cace8b968307f9311ff611e4bb810710c ,
// https://go-review.googlesource.com/c/go/+/210639 )
// syscall.{Setgroups,Setregid,Setreuid} affects all threads, which
// is exactly what we not want.
//
// We now use unix.{Setgroups,Setregid,Setreuid} instead.
err := unix.Setgroups(getSupplementaryGroups(context.Pid))
if err != nil {
return -1, err
}
defer unix.Setgroups(nil)
err = unix.Setregid(-1, int(context.Owner.Gid))
if err != nil {
return -1, err
}
defer unix.Setregid(-1, 0)
err = unix.Setreuid(-1, int(context.Owner.Uid))
if err != nil {
return -1, err
}
defer unix.Setreuid(-1, 0)
} }
runtime.LockOSThread()
defer runtime.UnlockOSThread()
// Since go1.16beta1 (commit d1b1145cace8b968307f9311ff611e4bb810710c ,
// https://go-review.googlesource.com/c/go/+/210639 )
// syscall.{Setgroups,Setregid,Setreuid} affects all threads, which
// is exactly what we not want.
//
// We now use unix.{Setgroups,Setregid,Setreuid} instead.
err := unix.Setgroups(getSupplementaryGroups(context.Pid))
if err != nil {
return -1, err
}
defer unix.Setgroups(nil)
err = unix.Setregid(-1, int(context.Owner.Gid))
if err != nil {
return -1, err
}
defer unix.Setregid(-1, 0)
err = unix.Setreuid(-1, int(context.Owner.Uid))
if err != nil {
return -1, err
}
defer unix.Setreuid(-1, 0)
return f() return f()
} }