shellfn icon indicating copy to clipboard operation
shellfn copied to clipboard
verified publisher icon synek317

does not preserve EUID

Open jlgerber opened this issue 6 years ago • 0 comments

I have an executable that uses shellfn::shell to execute a command and the executable has the SUID bit set, but the euid does not get preserved in the shell, whereas it does with the std library subprocess. to test this I wrote an executable that does this:

use nix::unistd::{getuid, geteuid};

fn main() {
    println!("euid {:?} {:?}", getuid(), geteuid());
}

and then wrote an executable to shell out and call it:


use shellfn::shell;
use nix::unistd::{getuid, geteuid};

fn main() {
    println!("euid {:?} {:?}", getuid(), geteuid());

    let info = _info().unwrap();
    //let info = _info2();
    println!("subprocess {}", info);
}

#[shell]
fn _info() -> Result<String, Box<std::error::Error>> { r#"
    ./subpuid
"# }

fn _info2() -> String {
    let output = std::process::Command::new("./subpuid")
                     .output()
                     .expect("failed to execute process");

   let scow = String::from_utf8_lossy(&output.stdout);
   let mut op = String::new();
   op.push_str(&scow);
   op
}

If you change the owner on the main command and set its euid bit (chmod u+s fllename) then run it, you will see that the EUID gets lost when compiled with _info but not _info2.

jlgerber avatar Jun 07 '19 11:06 jlgerber