From 40f58f66e99fa8381c4ed68b88508692ed9a3f9e Mon Sep 17 00:00:00 2001
From: Michal Toman <mtoman@redhat.com>
Date: Mon, 21 Mar 2011 12:08:44 +0100
Subject: retrace server: run GDB without root privilegies

---
 src/retrace/retrace.py | 21 +++++++++++----------
 src/retrace/worker.c   | 20 ++++++++++++++++----
 2 files changed, 27 insertions(+), 14 deletions(-)

(limited to 'src')

diff --git a/src/retrace/retrace.py b/src/retrace/retrace.py
index eb324037..f3933fb3 100644
--- a/src/retrace/retrace.py
+++ b/src/retrace/retrace.py
@@ -142,7 +142,7 @@ def guess_release(package):
 def run_gdb(savedir):
     try:
         exec_file = open("%s/crash/executable" % savedir, "r")
-        executable = exec_file.read().replace("'", "")
+        executable = exec_file.read().replace("'", "").replace("\"", "")
         exec_file.close()
     except:
         return ""
@@ -155,15 +155,16 @@ def run_gdb(savedir):
         return ""
 
     pipe = Popen(["mock", "shell", "-r", mockr, "--",
-                  "gdb", "-batch",
-                  "-ex", "'file %s'" % executable,
-                  "-ex", "'core-file /var/spool/abrt/crash/coredump'",
-                  "-ex", "'thread apply all backtrace 2048 full'",
-                  "-ex", "'info sharedlib'",
-                  "-ex", "'print (char*)__abort_msg'",
-                  "-ex", "'print (char*)__glib_assert_msg'",
-                  "-ex", "'info registers'",
-                  "-ex", "'disassemble'",
+                  "su", "mockbuild", "-c",
+                  "\" gdb -batch"
+                  " -ex 'file %s'"
+                  " -ex 'core-file /var/spool/abrt/crash/coredump'"
+                  " -ex 'thread apply all backtrace 2048 full'"
+                  " -ex 'info sharedlib'"
+                  " -ex 'print (char*)__abort_msg'"
+                  " -ex 'print (char*)__glib_assert_msg'"
+                  " -ex 'info registers'"
+                  " -ex 'disassemble' \"" % executable,
                   # redirect GDB's stderr, ignore mock's stderr
                   "2>&1"], stdout=PIPE).stdout
 
diff --git a/src/retrace/worker.c b/src/retrace/worker.c
index 2020627d..83773e61 100644
--- a/src/retrace/worker.c
+++ b/src/retrace/worker.c
@@ -1,5 +1,6 @@
 #include <stdio.h>
 #include <ctype.h>
+#include <pwd.h>
 #include <stdlib.h>
 #include <unistd.h>
 
@@ -13,6 +14,8 @@ int main(int argc, char **argv)
   char command[256];
   FILE *pipe;
   int i;
+  struct passwd *apache_user;
+  const char *apache_username = "apache";
 
   if (argc != 2)
   {
@@ -33,9 +36,18 @@ int main(int argc, char **argv)
       return 3;
     }
 
-  /* needs to be set to make mock work properly */
-  setenv("SUDO_USER", "root", 1);
-  setenv("SUDO_UID", "0", 1);
+  apache_user = getpwnam(apache_username);
+  if (!apache_user)
+  {
+    fprintf(stderr, "User \"%s\" not found.\n", apache_username);
+    return 4;
+  }
+
+  sprintf(command, "%d", apache_user->pw_uid);
+
+  setenv("SUDO_USER", apache_username, 1);
+  setenv("SUDO_UID", command, 1);
+  /* required by mock to be able to write into result directory */
   setenv("SUDO_GID", "0", 1);
 
   /* launch worker.py */
@@ -44,7 +56,7 @@ int main(int argc, char **argv)
   if (pipe == NULL)
   {
     fputs("Unable to run 'worker.py'.", stderr);
-    return 4;
+    return 5;
   }
 
   return pclose(pipe) >> 8;
-- 
cgit