Feature #6975
closed
Changing UID/GID when calling spawn/popen
Added by vihai (Daniele Orlandi) over 11 years ago.
Updated about 11 years ago.
Description
Hello,
If I am not wrong it seems that there is no way to properly drop all privileges when spawning a process with spawn/popen.
AFAIK, proper privilege dropping should be done after the fork() and before the exec() and there doesn't seem to be such functionality neither an hook like Python has.
Thanks,
Bye,
- Description updated (diff)
- Category set to core
- Assignee set to akira (akira yamada)
- Assignee changed from akira (akira yamada) to akr (Akira Tanaka)
posix_spawn has an option to dropping privileges: POSIX_SPAWN_RESETIDS
I guess primitive setuid/setgid is too generic for this use case.
- Status changed from Open to Closed
- % Done changed from 0 to 100
This issue was solved with changeset r37124.
Daniele, thank you for reporting this issue.
Your contribution to Ruby is greatly appreciated.
May Ruby be with you.
process.c: uid gid exec options
- process.c (rb_execarg_addopt, rb_execarg_run_options): add :uid and
:gid options. [ruby-core:47414] [Feature #6975]
Thank you very much!
However it would useful and recommendable if spawn could also initialize additional groups, either directly via setgroups(2) or via initgroups(3)
Do you agree?
Should I create a new feature request?
Should I create a new feature request?
Yes, please make another ticket.
Also available in: Atom
PDF
Like0
Like0Like0Like0Like0Like0