Merge lp:~smoser/maas/lp1060942 into lp:maas/trunk

Proposed by Scott Moser on 2012-10-03
Status: Rejected
Rejected by: Scott Moser on 2012-10-03
Proposed branch: lp:~smoser/maas/lp1060942
Merge into: lp:maas/trunk
Diff against target: 12 lines (+1/-1)
1 file modified
src/provisioningserver/start_cluster_controller.py (+1/-1)
To merge this branch: bzr merge lp:~smoser/maas/lp1060942
Reviewer Review Type Date Requested Status
Andres Rodriguez Approve on 2012-10-03
Launchpad code reviewers 2012-10-03 Pending
Review via email: mp+127767@code.launchpad.net

Commit Message

re-order setgid and setuid calls. setuid cannot be done after setgid.

Once you've dropped the uid, you no longer can change the gid. setgid must
come first.

Description of the Change

re-order setgid and setuid calls. setuid cannot be done after setgid.

Once you've dropped the uid, you no longer can change the gid.

http://stackoverflow.com/questions/4692720/operation-not-permitted-while-dropping-privileges-using-setuid-function

To post a comment you must log in.
Andres Rodriguez (andreserl) wrote :

looks good

review: Approve
lp:~smoser/maas/lp1060942 updated on 2012-10-03
1150. By Scott Moser on 2012-10-03

Add bug 1060942 to to --fixes.

Unmerged revisions

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'src/provisioningserver/start_cluster_controller.py'
2--- src/provisioningserver/start_cluster_controller.py 2012-10-03 11:35:18 +0000
3+++ src/provisioningserver/start_cluster_controller.py 2012-10-03 14:00:28 +0000
4@@ -139,8 +139,8 @@
5
6 # Change gid first, just in case changing the uid might deprive
7 # us of the privileges required to setgid.
8+ os.setuid(uid)
9 os.setgid(gid)
10- os.setuid(uid)
11
12 os.execvpe(command[0], command, env=env)
13