[Twisted-Python] t.i.process uid/gid suckiness

Tommi Virtanen tv at twistedmatrix.com
Tue Mar 11 06:25:10 MST 2003


	The handling of uid/gid changes and SIGCHLD all around twisted
	are in an appalling state. I've tried to bitch at the right
	people, but that hasn't helped, so I'm taking the more
	heavy-handed approach of just fixing stuff. Let the code talk.

	However, I still don't consider myself an authority on what
	Twisted should do, don't have that much time longer term (I
	will not maintain this code permanently), and don't know what
	silly limitations the Windows port of Python has. So, I'll try
	to write down what changes I'm planning on doing, so you have
	a chance of vetoing. If I get no comments, I'll just basically
	go ahead and commit what I happen to want to, touching many
	areas of mktap/t.i.process/procmon/whatever. If you want to
	avoid a de facto hijack-fix-abandon process, TALK NOW.

	0) make the t.i.process setuid/setgid code actually work (see
	   patch; BTW is the initgroups part really needed? I feel my
	   pure-python 6-liner does the same thing.)

	1) make all places that take uid/gid just silently take in
	   strings, too, and use pwd/grp to convert them to uids and
	   gids as necessary

	2) make .taps store uids and gids as strings

	3) defer procmon startup so the processes are forked only
	   after setuid has happened.

	4) try to fix the child process races, at least including
	   deferring signal-triggered processing to happen outside the
	   actual signal handler, rewriting the reap logic silliness,
	   and stopping procmon from trying to kill reaped children.

	5) fix whatever problems I noticed while fixing the above

	6) whatever else I feel like improving at the time

	7) ???

	8) profit!

diff -u -u -r1.50 process.py
--- twisted/internet/process.py	10 Mar 2003 20:16:57 -0000	1.50
+++ twisted/internet/process.py	11 Mar 2003 13:08:00 -0000
@@ -33,10 +33,25 @@
     pty = None
 
 try:
-    from initgroups import initgroups
     import pwd
+    try:
+        from initgroups import initgroups
+    except:
+        import grp
+        def initgroups(username, dummy):
+            l=[]
+            for groupname, password, gid, userlist in grp.getgrall():
+                if username in userlist:
+                    l.append(gid)
+            os.setgroups(l)
+    def switch_uid(uid, gid):
+        os.setgid(gid)
+        initgroups(pwd.getpwuid(uid)[0], gid)
+        os.setuid(uid)
 except:
-    def initgroups(*args): pass
+    def switch_uid(uid, gid):
+        os.setgid(gid)
+        os.setuid(uid)
 
 from twisted.persisted import styles
 from twisted.python import log, failure
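Review bot: the fallback `initgroups(username, dummy)` discards its second argument, so the list handed to `os.setgroups(l)` omits the gid that the C initgroups(3) always adds to the supplementary set; append it to `l` before the call. The outer `except:` fallback `switch_uid` calls only `os.setgid` and `os.setuid` and never resets supplementary groups, so a child started from a root parent keeps the parent's groups on that path. Both bare `except:` clauses would be safer as `except ImportError:` so that an unrelated error does not silently select the weaker code path.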
@@ -229,9 +244,7 @@
                     os.chdir(path)
                 # set the UID before I actually exec the process
                 if settingUID:
-                    os.setgid(gid)
-                    initgroups(pwd.getpwuid(uid)[0], gid)
-                    os.setuid(uid)
+                    switch_uid(uid, gid)
                 os.execvpe(command, args, environment)
             except:
                 # If there are errors, bail and try to write something
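Review bot: the comment "set the UID before I actually exec the process" above the new `switch_uid(uid, gid)` call now understates what happens, since the helper also sets the gid and the supplementary groups; update it to say so. Any exception from `switch_uid` lands in the bare `except:` that follows, so it is worth confirming that this handler always terminates the child rather than letting it continue with the original credentials.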
@@ -482,9 +495,7 @@
 
                 # set the UID before I actually exec the process
                 if settingUID:
-                    os.setgid(gid)
-                    initgroups(pwd.getpwuid(uid)[0], gid)
-                    os.setuid(uid)
+                    switch_uid(uid, gid)
                 os.execvpe(command, args, environment)
             except:
                 stderr = os.fdopen(1, 'w')
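Review bot: a failure inside `switch_uid(uid, gid)` here is reported through the handler's `stderr = os.fdopen(1, 'w')`, and fd 1 is stdout, not stderr. If that is unintentional, use fd 2 while touching this path so a failed privilege drop is not written into the child's stdout stream.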


-- 
:(){ :|:&};:
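
An added example, not part of the original post or of Twisted's code: one way to do what items 0 and 1 describe, accepting names or numeric ids and building the same group list initgroups(3) installs, primary gid included. The function names and the constructed `SAMPLE_GROUPS` entries are assumptions for illustration.

```python
import grp
import os
import pwd

# Constructed sample group database (not real data), used to show the result.
SAMPLE_GROUPS = [
    grp.struct_group(("wheel", "x", 10, ["alice", "bob"])),
    grp.struct_group(("sudo", "x", 27, ["alice"])),
    grp.struct_group(("alice", "x", 1000, [])),
]


def resolve_uid(user):
    """Accept a numeric uid or a user name and return the uid."""
    return user if isinstance(user, int) else pwd.getpwnam(user).pw_uid


def resolve_gid(group):
    """Accept a numeric gid or a group name and return the gid."""
    return group if isinstance(group, int) else grp.getgrnam(group).gr_gid


def supplementary_gids(username, primary_gid, groups=None):
    """Return the primary gid plus every group listing username as a member.
    `groups` defaults to the system database and is injectable for testing."""
    entries = grp.getgrall() if groups is None else groups
    gids = {primary_gid}
    gids.update(e.gr_gid for e in entries if username in e.gr_mem)
    return sorted(gids)


def drop_privileges(user, group):
    """Permanently switch to user/group; must be called while still root."""
    uid, gid = resolve_uid(user), resolve_gid(group)
    username = pwd.getpwuid(uid).pw_name
    # Groups and gid go first: after setuid() the process may no longer do so.
    os.setgroups(supplementary_gids(username, gid))
    os.setgid(gid)
    os.setuid(uid)
    # Verify the drop cannot be undone: regaining root must fail.
    if uid != 0:
        try:
            os.setuid(0)
        except PermissionError:
            return uid, gid
        raise RuntimeError("privilege drop failed: setuid(0) succeeded")
    return uid, gid
```
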