:SETUID: check for Lisp-type connection and root

Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>

2 files changed, 3 insertions, 1 deletions

diff --git a/src/connection/setuid.lisp b/src/connection/setuid.lisp
index 100e98c..76d7fd4 100644
--- a/src/connection/setuid.lisp
+++ b/src/connection/setuid.lisp
@@ -29,6 +29,8 @@
   #-(or sbcl) (foreign-funcall "setgid" :unsigned-int uid :int))
 
 (defmethod establish-connection ((type (eql :setuid)) remaining &key to)
+  (unless (and (lisp-connection-p) (zerop (foreign-funcall "geteuid" :int)))
+    (error "~&SETUIDing requires a Lisp image running as root"))
   (informat 1 "~&SETUIDing to ~A" to)
   (re:register-groups-bind ((#'parse-integer uid gid))
       (#?/uid=([0-9]+).+gid=([0-9]+)/ (mrun "id" to))
diff --git a/src/package.lisp b/src/package.lisp
index 76d1802..c2fa817 100644
--- a/src/package.lisp
+++ b/src/package.lisp
@@ -352,7 +352,7 @@
   (:use #:cl
 	#:consfigurator
 	#:consfigurator.connection.fork
-	#-(or sbcl) #:cffi)
+	#:cffi)
   (:local-nicknames (#:re   #:cl-ppcre)
 		    (#:user #:consfigurator.property.user)))