[Twisted-Python] t.i.process uid/gid suckiness
Tommi Virtanen
tv at twistedmatrix.com
Tue Mar 11 08:25:10 EST 2003
The handling of uid/gid changes and SIGCHLD all around twisted
are in an appalling state. I've tried to bitch at the right
people, but that hasn't helped, so I'm taking the more
heavyhanded approach of just fixing stuff. Let the code talk.
However, I still don't consider myself an authority on what
Twisted should do, don't have that much time longer term (I
will not maintain this code permanently), and don't know what
silly limitations the windows port of python has. So, I'll try
to write down what changes I'm planning on doing, so you have
a chance of vetoing. If I get no comments, I'll just basically
go ahead and commit what I happen to want to, touching a many
areas of mktap/t.i.process/procmon/whatever. If you want to
avoid a de facto hijack-fix-abandon process, TALK NOW
0) make the t.i.process setuid/setgid code actually work (see
patch; BTW is the initgroups part really needed? I feel my
pure-python 6-liner does the same thing.)
1) make all places that take uid/gid just silently take in
strings, too, and use pwd/grp to convert them to uids and
gids as necessary
2) make .taps store uids and gids as strings
3) defer procmon startup so the processes are forked only
after setuid has happened.
4) try to fix the child process races, atleast including
deferring signal-triggered processing to happen outside the
actual signal handler, rewriting the reap logic silliness,
and stopping procmon from trying to kill reaped children.
5) fix whatever problems I noticed while fixing the above
6) whatever else I feel like improving at the time
7) ???
8) profit!
diff -u -u -r1.50 process.py
--- twisted/internet/process.py 10 Mar 2003 20:16:57 -0000 1.50
+++ twisted/internet/process.py 11 Mar 2003 13:08:00 -0000
@@ -33,10 +33,25 @@
pty = None
try:
- from initgroups import initgroups
import pwd
+ try:
+ from initgroups import initgroups
+ except:
+ import grp
+ def initgroups(username, dummy):
+ l=[]
+ for groupname, password, gid, userlist in grp.getgrall():
+ if username in userlist:
+ l.append(gid)
+ os.setgroups(l)
+ def switch_uid(uid, gid):
+ os.setgid(gid)
+ initgroups(pwd.getpwuid(uid)[0], gid)
+ os.setuid(uid)
except:
- def initgroups(*args): pass
+ def switch_uid(uid, gid):
+ os.setgid(gid)
+ os.setuid(uid)
from twisted.persisted import styles
from twisted.python import log, failure
@@ -229,9 +244,7 @@
os.chdir(path)
# set the UID before I actually exec the process
if settingUID:
- os.setgid(gid)
- initgroups(pwd.getpwuid(uid)[0], gid)
- os.setuid(uid)
+ switch_uid(uid, gid)
os.execvpe(command, args, environment)
except:
# If there are errors, bail and try to write something
@@ -482,9 +495,7 @@
# set the UID before I actually exec the process
if settingUID:
- os.setgid(gid)
- initgroups(pwd.getpwuid(uid)[0], gid)
- os.setuid(uid)
+ switch_uid(uid, gid)
os.execvpe(command, args, environment)
except:
stderr = os.fdopen(1, 'w')
--
:(){ :|:&};:
More information about the Twisted-Python
mailing list