Commit e986ef6f authored by Andrey Filippov's avatar Andrey Filippov

fixing bug related to the new security features in Git. Some requests to versions were made as root

parent 24b85cf6
...@@ -23,12 +23,29 @@ def version_update(path,file,evr): ...@@ -23,12 +23,29 @@ def version_update(path,file,evr):
return res return res
def revision_update(path,file): def revision_update(path,file):
import subprocess import subprocess, os# , pwd for some reasons pwd.getpwall() show some 3-user default, so read and parse etc/passwd
pef = None # , preexec_fn=pefuid
if (os.getuid() == 0):
uname = os.getlogin()
with open("/etc/passwd") as f:
for line in f:
line = line.strip()
a = line.split(':')
if a[0] == uname:
pef = preexec_fn=demote(int(a[3]),int(a[2]));
break
cmd = "cd "+path+"; git rev-list --count $(git log -1 --pretty=format:\"%H\" "+file+")..HEAD" cmd = "cd "+path+"; git rev-list --count $(git log -1 --pretty=format:\"%H\" "+file+")..HEAD"
try: try:
res = subprocess.check_output(cmd,stderr=subprocess.STDOUT,shell=True) res = subprocess.check_output(cmd,stderr=subprocess.STDOUT,shell=True, preexec_fn=pef)
except subprocess.CalledProcessError as e: except subprocess.CalledProcessError as e:
res = "error_"+e.returncode res = "error_"+e.returncode
res = str(int(res)) res = str(int(res))
res = res.strip(' \t\n\r') res = res.strip(' \t\n\r')
return res return res
def demote(user_uid, user_gid):
import os
def result():
os.setgid(user_gid)
os.setuid(user_uid)
return result
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment