mirror of
https://github.com/Jguer/yay
synced 2024-10-05 23:59:13 +00:00
feat(su): deelevate if ran as su using a privilege elevation tool
parent
251c456d70
commit
bc1d900fa9
|
@ -176,7 +176,7 @@ func install(ctx context.Context, cmdArgs *parser.Arguments, dbExecutor db.Execu
|
||||||
cmdArgs, config.Runtime.Mode, settings.NoConfirm))
|
cmdArgs, config.Runtime.Mode, settings.NoConfirm))
|
||||||
}
|
}
|
||||||
|
|
||||||
if len(dp.Aur) > 0 && os.Geteuid() == 0 {
|
if len(dp.Aur) > 0 && os.Geteuid() == 0 && os.Getenv("SUDO_USER") == "" && os.Getenv("DOAS_USER") == "" {
|
||||||
return fmt.Errorf(gotext.Get("refusing to install AUR packages as root, aborting"))
|
return fmt.Errorf(gotext.Get("refusing to install AUR packages as root, aborting"))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
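Review bot: The relaxed root guard treats any non-empty `SUDO_USER` or `DOAS_USER` as proof that privileges will be dropped, but these are plain environment variables. A root shell can carry `SUDO_USER=root` (sudo invoked from root) or a stale or unknown name, and in those cases the AUR build still proceeds with euid 0. The guard should instead depend on the invoking user resolving to a non-zero uid, i.e. the same lookup that `deElevateCommand` performs, and should keep returning the "refusing to install AUR packages as root" error when that lookup fails. The body of `install` continues outside this hunk.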
@ -33,19 +33,21 @@ func getConfigPath() string {
|
||||||
}
|
}
|
||||||
|
|
||||||
func getCacheHome() string {
|
func getCacheHome() string {
|
||||||
if cacheHome := os.Getenv("XDG_CACHE_HOME"); cacheHome != "" {
|
uid := os.Geteuid()
|
||||||
|
|
||||||
|
if cacheHome := os.Getenv("XDG_CACHE_HOME"); cacheHome != "" && uid != 0 {
|
||||||
if err := initDir(cacheHome); err == nil {
|
if err := initDir(cacheHome); err == nil {
|
||||||
return filepath.Join(cacheHome, "yay")
|
return filepath.Join(cacheHome, "yay")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if cacheHome := os.Getenv("HOME"); cacheHome != "" {
|
if cacheHome := os.Getenv("HOME"); cacheHome != "" && uid != 0 {
|
||||||
if err := initDir(cacheHome); err == nil {
|
if err := initDir(cacheHome); err == nil {
|
||||||
return filepath.Join(cacheHome, ".cache", "yay")
|
return filepath.Join(cacheHome, ".cache", "yay")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return "/tmp"
|
return os.TempDir()
|
||||||
}
|
}
|
||||||
|
|
||||||
func initDir(dir string) error {
|
func initDir(dir string) error {
|
||||||
|
|
|
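Review bot: With uid 0 both the `XDG_CACHE_HOME` and `HOME` branches are skipped, so `getCacheHome` now always returns `os.TempDir()` for root, which is a shared world-writable location that also follows `$TMPDIR`. If this path becomes the build directory for the de-elevated git/makepkg commands (the callers are outside this hunk, so this is inferred), other local users can pre-create or swap entries under predictable package names there. Consider a private per-invocation directory such as `os.MkdirTemp("", "yay-")` handed over to the invoking user, or that user's own cache directory resolved from their home. A short comment next to `uid != 0` saying why root's own cache is avoided would also help the next reader.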
@ -5,8 +5,11 @@ import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"os"
|
"os"
|
||||||
"os/exec"
|
"os/exec"
|
||||||
|
"os/user"
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
|
"strconv"
|
||||||
"strings"
|
"strings"
|
||||||
|
"syscall"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/leonelquinteros/gotext"
|
"github.com/leonelquinteros/gotext"
|
||||||
|
@ -63,6 +66,8 @@ func (c *CmdBuilder) BuildGitCmd(ctx context.Context, dir string, extraArgs ...s
|
||||||
|
|
||||||
cmd.Env = append(os.Environ(), "GIT_TERMINAL_PROMPT=0")
|
cmd.Env = append(os.Environ(), "GIT_TERMINAL_PROMPT=0")
|
||||||
|
|
||||||
|
c.deElevateCommand(cmd)
|
||||||
|
|
||||||
return cmd
|
return cmd
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -85,6 +90,8 @@ func (c *CmdBuilder) BuildMakepkgCmd(ctx context.Context, dir string, extraArgs
|
||||||
cmd := exec.CommandContext(ctx, c.MakepkgBin, args...)
|
cmd := exec.CommandContext(ctx, c.MakepkgBin, args...)
|
||||||
cmd.Dir = dir
|
cmd.Dir = dir
|
||||||
|
|
||||||
|
c.deElevateCommand(cmd)
|
||||||
|
|
||||||
return cmd
|
return cmd
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -92,6 +99,26 @@ func (c *CmdBuilder) SetPacmanDBPath(dbPath string) {
|
||||||
c.PacmanDBPath = dbPath
|
c.PacmanDBPath = dbPath
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (c *CmdBuilder) deElevateCommand(cmd *exec.Cmd) {
|
||||||
|
if os.Geteuid() != 0 {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
ogCaller := ""
|
||||||
|
if caller := os.Getenv("SUDO_USER"); caller != "" {
|
||||||
|
ogCaller = caller
|
||||||
|
} else if caller := os.Getenv("DOAS_USER"); caller != "" {
|
||||||
|
ogCaller = caller
|
||||||
|
}
|
||||||
|
|
||||||
|
if userFound, err := user.Lookup(ogCaller); err == nil {
|
||||||
|
cmd.SysProcAttr = &syscall.SysProcAttr{}
|
||||||
|
uid, _ := strconv.Atoi(userFound.Uid)
|
||||||
|
gid, _ := strconv.Atoi(userFound.Gid)
|
||||||
|
cmd.SysProcAttr.Credential = &syscall.Credential{Uid: uint32(uid), Gid: uint32(gid)}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
func (c *CmdBuilder) buildPrivilegeElevatorCommand(ctx context.Context, ogArgs []string) *exec.Cmd {
|
func (c *CmdBuilder) buildPrivilegeElevatorCommand(ctx context.Context, ogArgs []string) *exec.Cmd {
|
||||||
if c.SudoBin == "su" {
|
if c.SudoBin == "su" {
|
||||||
return exec.CommandContext(ctx, c.SudoBin, "-c", strings.Join(ogArgs, " "))
|
return exec.CommandContext(ctx, c.SudoBin, "-c", strings.Join(ogArgs, " "))
|
||||||
|
@ -121,7 +148,10 @@ func (c *CmdBuilder) BuildPacmanCmd(ctx context.Context, args *parser.Arguments,
|
||||||
|
|
||||||
if needsRoot {
|
if needsRoot {
|
||||||
waitLock(c.PacmanDBPath)
|
waitLock(c.PacmanDBPath)
|
||||||
return c.buildPrivilegeElevatorCommand(ctx, argArr)
|
|
||||||
|
if os.Geteuid() != 0 {
|
||||||
|
return c.buildPrivilegeElevatorCommand(ctx, argArr)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return exec.CommandContext(ctx, argArr[0], argArr[1:]...)
|
return exec.CommandContext(ctx, argArr[0], argArr[1:]...)
|
||||||
|
|
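Review bot: `deElevateCommand` fails open: if `user.Lookup` errors (including the empty `ogCaller` when neither variable is set) the command is left untouched and runs as root, and the discarded `strconv.Atoi` errors mean an unparsable uid or gid silently becomes 0. A resolved user of `root` is also accepted, so the "de-elevated" child keeps uid 0. I would have the helper return an error and have `BuildGitCmd` and `BuildMakepkgCmd` surface it, which needs a signature change at both call sites outside what is shown here. Separately, the child still inherits root's environment (`HOME`, `XDG_*`) via `os.Environ()` in `BuildGitCmd`, which may be worth resetting for the target user.

```go
func (c *CmdBuilder) deElevateCommand(cmd *exec.Cmd) error {
	// … unchanged: euid check (now `return nil`) and SUDO_USER / DOAS_USER selection into ogCaller …

	userFound, err := user.Lookup(ogCaller)
	if err != nil {
		return fmt.Errorf("resolving invoking user %q: %w", ogCaller, err)
	}

	uid, err := strconv.ParseUint(userFound.Uid, 10, 32)
	if err != nil {
		return fmt.Errorf("parsing uid %q: %w", userFound.Uid, err)
	}

	gid, err := strconv.ParseUint(userFound.Gid, 10, 32)
	if err != nil {
		return fmt.Errorf("parsing gid %q: %w", userFound.Gid, err)
	}

	// Dropping to uid 0 is not a drop at all; refuse rather than build as root.
	if uid == 0 {
		return fmt.Errorf("invoking user %q is root, cannot drop privileges", ogCaller)
	}

	cmd.SysProcAttr = &syscall.SysProcAttr{
		Credential: &syscall.Credential{Uid: uint32(uid), Gid: uint32(gid)},
	}

	return nil
}
```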