From f2191929a8888e4b8799cda3c7c188020a4cabf6 Mon Sep 17 00:00:00 2001
From: Sean Whitton
Date: Fri, 17 Jun 2022 13:49:34 -0700
Subject: wrap OSICAT:USER-INFO with getent(1) fallback

Signed-off-by: Sean Whitton
---
 src/connection/linux-namespace.lisp | 4 ++++
 src/connection/setuid.lisp | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

(limited to 'src/connection')

diff --git a/src/connection/linux-namespace.lisp b/src/connection/linux-namespace.lisp
index 2924f2e..a17b4e4 100644
--- a/src/connection/linux-namespace.lisp
+++ b/src/connection/linux-namespace.lisp
@@ -277,6 +277,8 @@ setgroups(2) is denied in the namespace."
 (let ((owner (get-userns-owner (caar ns-fds))))
 (if (zerop owner)
 (nix:setgroups nil)
+ ;; We can't use USER:USER-INFO here because we can't
+ ;; run commands using RUNLINES.
 (alet (osicat:user-info owner)
 ;; As a precaution, we could also setuid & setgid to
 ;; OWNER here. However, it ought to be meaningless
@@ -330,6 +332,8 @@ setgroups(2) is denied in the namespace."
 (nix:fchdir root-fd) (chroot ".")))
 (mapc #'nix:close opened-fds))
 (when uid
+ ;; We similarly can't use USER:USER-INFO here because we still can't
+ ;; run commands using RUNLINES.
 (alet (or (osicat:user-info uid)
 (error "~&Could not look up user info for UID ~A." uid))
 (setf user (cdr (assoc :name it)))
diff --git a/src/connection/setuid.lisp b/src/connection/setuid.lisp
index fda100f..5c21020 100644
--- a/src/connection/setuid.lisp
+++ b/src/connection/setuid.lisp
@@ -25,7 +25,7 @@
 (error "~&SETUIDing requires a Lisp image running as root"))
 (informat 1 "~&SETUIDing to ~A" user)
 (let* ((ent
- (or (osicat:user-info user)
+ (or (user:user-info user)
 (failed-change "~&Could not look up user info for ~A." user)))
 (xdg-cache-home
 (ensure-directory-pathname
-- 
cgit v1.2.3
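Review bot: In the first linux-namespace.lisp hunk (at -277) the result of `(osicat:user-info owner)` is bound by `alet` with no NIL check, whereas the second hunk wraps the same call in `(or ... (error ...))`. The commit subject implies this lookup can fail, and this site keeps the raw call, so a failed lookup for OWNER would flow into whatever the `alet` body does with `it`, in a path that adjusts supplementary groups. I would fail closed here too: `(alet (or (osicat:user-info owner) (error "~&Could not look up user info for UID ~A." owner))`. The `alet` body continues past the end of the hunk, so how `it` is consumed is not visible here.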
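Review bot: The comment added before `(alet (or (osicat:user-info uid)` in the hunk at -330 says USER:USER-INFO cannot be used because RUNLINES is unavailable, but not why; the comment added in the hunk at -277 has the same gap. A maintainer reading either site cannot tell whether the restriction is permanent, and the practical consequence goes unstated: on a host where OSICAT:USER-INFO returns NIL this path still signals the error, with no getent(1) fallback. I would extend the comment with a line such as `;; <reason RUNLINES is unavailable at this point>, so there is no getent(1) fallback here.`, with the actual reason filled in by the author. The enclosing form begins and ends outside the hunk.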
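Review bot: In the setuid.lisp hunk, `ent` now comes from `user:user-info`, whose definition is outside this patch view, and the `let*` that consumes it continues past the hunk, so nothing visible guarantees that the getent(1) fallback yields the same alist shape as `osicat:user-info`. getent(1) output is text, so if the wrapper does not convert the numeric fields, the UID and GID would arrive as strings in a path that changes the process identity. Assuming the osicat key names are kept, a guard before the identity change such as `(unless (integerp (cdr (assoc :user-id ent))) (failed-change "~&Malformed user info for ~A." user))` would make the switch fail closed; a docstring on the wrapper stating the returned keys and their types would cover the same risk at the source.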