launchpad-reviewers team mailing list archive

[Scott Moser <smoser@xxxxxxxxxx>]

Scott Moser has proposed merging lp:~smoser/maas/lp1060942 into lp:maas.

Commit message:
re-order setgid and setuid calls. setuid cannot be done after setgid.

Once you've dropped the uid, you no longer can change the gid.  setgid must
come first.

Requested reviews:
  Andres Rodriguez (andreserl)
  Launchpad code reviewers (launchpad-reviewers)
Related bugs:
  Bug #1060942 in MAAS: "maas-cluster-celery job dies"
  https://bugs.launchpad.net/maas/+bug/1060942

For more details, see:
https://code.launchpad.net/~smoser/maas/lp1060942/+merge/127767

re-order setgid and setuid calls. setuid cannot be done after setgid.

Once you've dropped the uid, you no longer can change the gid.

http://stackoverflow.com/questions/4692720/operation-not-permitted-while-dropping-privileges-using-setuid-function

-- 
https://code.launchpad.net/~smoser/maas/lp1060942/+merge/127767
Your team Launchpad code reviewers is requested to review the proposed merge of lp:~smoser/maas/lp1060942 into lp:maas.

=== modified file 'src/provisioningserver/start_cluster_controller.py'
--- src/provisioningserver/start_cluster_controller.py	2012-10-03 11:35:18 +0000
+++ src/provisioningserver/start_cluster_controller.py	2012-10-03 13:47:22 +0000
@@ -139,8 +139,8 @@
 
     # Change gid first, just in case changing the uid might deprive
     # us of the privileges required to setgid.
+    os.setuid(uid)
     os.setgid(gid)
-    os.setuid(uid)
 
     os.execvpe(command[0], command, env=env)