From aa0ef8fe52c189d3eb79f7548271b49b51c06be4 Mon Sep 17 00:00:00 2001 From: Tessa Todorowski Date: Tue, 4 Jun 2024 11:04:55 +0200 Subject: [PATCH 1/2] include requested changes from PR #333 --- src/config.cpp | 9 +++++---- src/monitor/process_monitor_main.cpp | 14 +++++--------- 2 files changed, 10 insertions(+), 13 deletions(-) diff --git a/src/config.cpp b/src/config.cpp index ca9c5320..690298db 100644 --- a/src/config.cpp +++ b/src/config.cpp @@ -185,10 +185,10 @@ void parse_program_options(int argc, const char** argv) .metavar("PID") .optional(); - general_options.toggle("as-pre-sudo-user", "Drop root privileges before launching COMMAND.") + general_options.toggle("drop-root", "Drop root privileges before launching COMMAND.") .short_name("u"); - general_options.option("as-user", "User to drop privileges to before launching COMMAND.") + general_options.option("as-user", "Launch the COMMAND as the user USERNAME.") .short_name("U") .metavar("USERNAME") .optional(); @@ -370,7 +370,7 @@ void parse_program_options(int argc, const char** argv) config.mmap_pages = arguments.as("mmap-pages"); config.process = arguments.provided("pid") ? Process(arguments.as("pid")) : Process::invalid(); - config.drop_root = arguments.given("as-pre-sudo-user"); + config.drop_root = arguments.given("drop-root"); config.sampling_event = arguments.get("event"); config.sampling_period = arguments.as("count"); config.enable_cct = arguments.given("call-graph"); @@ -430,7 +430,8 @@ void parse_program_options(int argc, const char** argv) } } - if (arguments.given("as-pre-sudo-user") && std::getenv("SUDO_UID") == NULL) + if (arguments.given("drop-root") && (std::getenv("SUDO_UID") == nullptr) && + (!arguments.provided("as-user"))) { Log::error() << "-u was specified but no sudo was detected."; std::exit(EXIT_FAILURE); diff --git a/src/monitor/process_monitor_main.cpp b/src/monitor/process_monitor_main.cpp index 376c7b84..aa4a4819 100644 --- a/src/monitor/process_monitor_main.cpp 
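Review bot: In the `@@ -430` hunk of src/config.cpp the sudo check tests only `SUDO_UID`, but `drop_privileges()` in src/monitor/process_monitor_main.cpp (changed in this same patch) also reads `SUDO_GID`. A run with `SUDO_UID` set and `SUDO_GID` missing therefore passes option parsing and only fails later, at the point where privileges are dropped. I would test both variables here, replacing the single `SUDO_UID` test with `(std::getenv("SUDO_UID") == nullptr || std::getenv("SUDO_GID") == nullptr)`. The message `-u was specified but no sudo was detected.` could also mention `-U USERNAME`, since the new condition accepts it as an alternative. `parse_program_options` starts and ends outside this hunk.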
+++ b/src/monitor/process_monitor_main.cpp @@ -75,21 +75,17 @@ static void drop_privileges() } else { - // sudo is garanteed in this case, see check in config.hpp + assert(std::getenv("SUDO_UID") != nullptr); + try { original_uid = std::stoi(std::getenv("SUDO_UID")); original_gid = std::stoi(std::getenv("SUDO_GID")); } - catch (std::invalid_argument const& e) + catch (const std::exception& e) { - Log::error() << "Cannot parse SUDO_UID/SUDO_GID into int."; - throw_errno(); - } - catch (std::out_of_range const& e) - { - Log::error() << "SUDO_UID/SUDO_GID out of range."; - throw_errno(); + Log::error() << "Cannot parse the environment variables SUDO_UID and/or SUDO_GID."; + throw; } } From 9e68dd1a1019ea1650e4101155e9760e9cc979eb Mon Sep 17 00:00:00 2001 From: Tessa Todorowski Date: Thu, 6 Jun 2024 08:35:00 +0200 Subject: [PATCH 2/2] update option name on manpage --- man/lo2s.1.pod | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/man/lo2s.1.pod b/man/lo2s.1.pod index 6bf974f1..8ffdfbc6 100644 --- a/man/lo2s.1.pod +++ b/man/lo2s.1.pod @@ -154,7 +154,7 @@ determine the trace path instead, including variable substitution. Attach to a running process with process ID I instead of launching I. -=item B<-u>, B<--as-pre-sudo-user> +=item B<-u>, B<--drop-root> Launch I as the user that called on sudo. Requires a lo2s call with sudo. @@ -315,7 +315,7 @@ Can not be used in conjunction with B<--metric-leader> =item B<--syscall> I Record syscall activity for the given syscall or "all" to record all syscalls. -Can be given multiple times to record multiple syscalls at once. +Can be given multiple times to record multiple syscalls at once. Argument may either be a syscall name, like "read", or a syscall number. Note that due to the high event-rate of many syscalls it is advised to keep the number of recorded syscalls limited.
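Review bot: In `drop_privileges()` (src/monitor/process_monitor_main.cpp, hunk `@@ -75`) the new `assert` on `SUDO_UID` is the only runtime guard before `std::stoi(std::getenv(...))`, and it is compiled out when the build defines `NDEBUG`. `SUDO_GID` has no guard at all, so an unset variable would reach the `std::string` constructor as a null pointer, which is undefined behaviour and is not caught by the `catch (const std::exception&)` handler. I would read both variables once and fail explicitly when either is missing, as sketched below; the exception type is a placeholder and should match what the caller handles. `std::stoi` also accepts a leading sign and trailing characters, so a zero or negative value parses successfully. Since this path decides which identity the child runs under, rejecting values `<= 0` here looks worthwhile, though the calls that apply the ids are outside the hunk.

```cpp
// … unchanged: else branch opening …
const char* sudo_uid = std::getenv("SUDO_UID");
const char* sudo_gid = std::getenv("SUDO_GID");
if (sudo_uid == nullptr || sudo_gid == nullptr)
{
    Log::error() << "SUDO_UID and/or SUDO_GID are not set, cannot drop privileges.";
    throw std::runtime_error("SUDO_UID/SUDO_GID not set");
}

try
{
    original_uid = std::stoi(sudo_uid);
    original_gid = std::stoi(sudo_gid);
}
// … unchanged: catch (const std::exception&) logging and rethrow …
```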