Merge pull request #335 from teto519f/setuid_changes

Edit setuid() options as requested in PR #333
tud-zih-energy · Jul 11, 2024 · 53117b2 · 53117b2
2 parents 8e13667 + 9e68dd1
commit 53117b2
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 15 deletions.
diff --git a/man/lo2s.1.pod b/man/lo2s.1.pod
@@ -154,7 +154,7 @@ determine the trace path instead, including variable substitution.
 Attach to a running process with process ID I<PID> instead of launching
 I<COMMAND>.
 
-=item B<-u>, B<--as-pre-sudo-user>
+=item B<-u>, B<--drop-root>
 
 Launch I<COMMAND> as the user that called on sudo. Requires a lo2s call with sudo.
 
@@ -315,7 +315,7 @@ Can not be used in conjunction with B<--metric-leader>
 =item B<--syscall> I<SYSCALLS>
 
 Record syscall activity for the given syscall or "all" to record all syscalls.
-Can be given multiple times to record multiple syscalls at once. 
+Can be given multiple times to record multiple syscalls at once.
 Argument may either be a syscall name, like "read", or a syscall number.
 Note that due to the high event-rate of many syscalls it is advised to keep the number of recorded syscalls limited.
 

diff --git a/src/config.cpp b/src/config.cpp
@@ -185,10 +185,10 @@ void parse_program_options(int argc, const char** argv)
         .metavar("PID")
         .optional();
 
-    general_options.toggle("as-pre-sudo-user", "Drop root privileges before launching COMMAND.")
+    general_options.toggle("drop-root", "Drop root privileges before launching COMMAND.")
         .short_name("u");
 
-    general_options.option("as-user", "User to drop privileges to before launching COMMAND.")
+    general_options.option("as-user", "Launch the COMMAND as the user USERNAME.")
         .short_name("U")
         .metavar("USERNAME")
         .optional();
@@ -370,7 +370,7 @@ void parse_program_options(int argc, const char** argv)
     config.mmap_pages = arguments.as<std::size_t>("mmap-pages");
     config.process =
         arguments.provided("pid") ? Process(arguments.as<pid_t>("pid")) : Process::invalid();
-    config.drop_root = arguments.given("as-pre-sudo-user");
+    config.drop_root = arguments.given("drop-root");
     config.sampling_event = arguments.get("event");
     config.sampling_period = arguments.as<std::uint64_t>("count");
     config.enable_cct = arguments.given("call-graph");
@@ -430,7 +430,8 @@ void parse_program_options(int argc, const char** argv)
         }
     }
 
-    if (arguments.given("as-pre-sudo-user") && std::getenv("SUDO_UID") == NULL)
+    if (arguments.given("drop-root") && (std::getenv("SUDO_UID") == nullptr) &&
+        (!arguments.provided("as-user")))
     {
         Log::error() << "-u was specified but no sudo was detected.";
         std::exit(EXIT_FAILURE);

diff --git a/src/monitor/process_monitor_main.cpp b/src/monitor/process_monitor_main.cpp
@@ -75,21 +75,17 @@ static void drop_privileges()
     }
     else
     {
-        // sudo is garanteed in this case, see check in config.hpp
+        assert(std::getenv("SUDO_UID") != nullptr);
+
         try
         {
             original_uid = std::stoi(std::getenv("SUDO_UID"));
             original_gid = std::stoi(std::getenv("SUDO_GID"));
         }
-        catch (std::invalid_argument const& e)
+        catch (const std::exception& e)
         {
-            Log::error() << "Cannot parse SUDO_UID/SUDO_GID into int.";
-            throw_errno();
-        }
-        catch (std::out_of_range const& e)
-        {
-            Log::error() << "SUDO_UID/SUDO_GID out of range.";
-            throw_errno();
+            Log::error() << "Cannot parse the environment variables SUDO_UID and/or SUDO_GID.";
+            throw;
         }
     }