← Back to branch summary

~xubuntu-dev/ubiquity/lp1437180_feh

« back to all changes in this revision

Viewing changes to bin/ubiquity-dm

  • Committer: Evan Dandrea
  • Date: 2008-02-25 05:48:18 UTC
  • Revision ID: evand@ubuntu.com-20080225054818-et9zmyjbui2y1bqt
* Properly drop privileges in ubiquity-dm.  Previous attempts were
  relying on SUDO_UID and SUDO_GID being set.

Show diffs side-by-side

added added

removed removed

Lines of Context:
bin/ubiquity-dm
11
11
sys.path.insert(0, '/usr/lib/ubiquity')
12
12
 
13
13
import ubiquity.frontend
14
 
from ubiquity.misc import drop_privileges
 
14
from pwd import getpwnam
15
15
 
16
16
background = '/usr/share/backgrounds/warty-final-ubuntu.png'
17
17
 
42
42
            self.username = 'ubuntu'
43
43
        finally:
44
44
            fp.close()
 
45
        self.uid, self.gid = getpwnam(self.username)[2:4]
 
46
        self.uid = int(self.uid)
 
47
        self.gid = int(self.gid)
45
48
        # Look for a frontend module; we won't actually use it (yet), but
46
49
        # this lets us find out which window manager etc. to launch. Be
47
50
        # careful that importing this here will cause the underlying library
62
65
    def sigusr1_handler(self, signum, frame):
63
66
        self.server_started = True
64
67
 
 
68
    def drop_privileges(self):
 
69
        os.setgid(self.gid)
 
70
        os.setuid(self.uid)
 
71
 
65
72
    def server_preexec(self):
66
73
        signal.signal(signal.SIGUSR1, signal.SIG_IGN)
67
74
 
70
77
        if not os.path.exists('/var/log/installer'):
71
78
            os.makedirs('/var/log/installer')
72
79
        logfile = open('/var/log/installer/dm', 'w')
 
80
        os.chmod('/var/log/installer/dm', 0666)
73
81
 
74
82
        signal.signal(signal.SIGUSR1, self.sigusr1_handler)
75
83
        signal.signal(signal.SIGTTIN, signal.SIG_IGN)
77
85
        server = subprocess.Popen(['X', '-br', '-ac', '-noreset', self.vt, self.display], stdin=null, stdout=logfile, stderr=logfile, preexec_fn=self.server_preexec)
78
86
 
79
87
        os.environ['DISPLAY'] = self.display
 
88
        os.environ['HOME'] = '/home/%s' % self.username
80
89
 
81
90
        # Really we should select on a pipe or something, but it's not worth
82
91
        # the effort for now.
101
110
 
102
111
        extras = []
103
112
        if self.frontend == 'gtk_ui':
104
 
            wm = subprocess.Popen(['/usr/bin/metacity', '--sm-disable'], stdin=null, stdout=logfile, stderr=logfile)
 
113
            wm = subprocess.Popen(['/usr/bin/metacity', '--sm-disable'],
 
114
                        stdin=null, stdout=logfile, stderr=logfile, preexec_fn=self.drop_privileges)
105
115
            if os.path.exists('/usr/lib/gnome-settings-daemon/gnome-settings-daemon'):
106
 
                extras.append(subprocess.Popen(['/usr/lib/gnome-settings-daemon/gnome-settings-daemon'], stdin=null, stdout=logfile, stderr=logfile, preexec_fn=drop_privileges))
 
116
                extras.append(subprocess.Popen(['/usr/lib/gnome-settings-daemon/gnome-settings-daemon'],
 
117
                                stdin=null, stdout=logfile, stderr=logfile, preexec_fn=self.drop_privileges))
107
118
            
108
119
            # Accessibility
109
120
            os.environ['GTK_MODULES'] = 'gail:atk-bridge'
115
126
                stdout=subprocess.PIPE, stderr=subprocess.PIPE)
116
127
            accessibility = subp.communicate()[0].rstrip('\n')
117
128
            if accessibility == 'true':
118
 
                extras.append(subprocess.Popen(['/usr/lib/at-spi/at-spi-registryd'], stdin=null, stdout=logfile, stderr=logfile, preexec_fn=drop_privileges))
 
129
                extras.append(subprocess.Popen(['/usr/lib/at-spi/at-spi-registryd'],
 
130
                    stdin=null, stdout=logfile, stderr=logfile,
 
131
                    preexec_fn=self.drop_privileges))
119
132
                fp = open('/proc/cmdline', 'r')
120
133
                if 'access=m2' in fp.readline():
121
134
                    if os.path.exists('/usr/bin/onboard'):
122
 
                        extras.append(subprocess.Popen(['/usr/bin/onboard'], stdin=null, stdout=logfile, stderr=logfile, preexec_fn=drop_privileges))
 
135
                        extras.append(subprocess.Popen(['/usr/bin/onboard'],
 
136
                            stdin=null, stdout=logfile, stderr=logfile,
 
137
                            preexec_fn=self.drop_privileges))
123
138
                else:
124
139
                    if os.path.exists('/usr/bin/orca'):
125
 
                        extras.append(subprocess.Popen(['/usr/bin/orca', '-n'], stdin=null, stdout=logfile, stderr=logfile, preexec_fn=drop_privileges))
 
140
                        extras.append(subprocess.Popen(['/usr/bin/orca', '-n'],
 
141
                            stdin=null, stdout=logfile, stderr=logfile,
 
142
                            preexec_fn=self.drop_privileges))
126
143
                fp.close()
127
144
        elif self.frontend == 'kde_ui':
128
 
            wm = subprocess.Popen('/usr/bin/kwin', stdin=null, stdout=logfile, stderr=logfile)
129
 
            extras.append(subprocess.Popen(['/usr/bin/dcopserver', '--nosid'], stdin=null, stdout=logfile, stderr=logfile, preexec_fn=drop_privileges))
 
145
            wm = subprocess.Popen('/usr/bin/kwin', stdin=null, stdout=logfile,
 
146
                stderr=logfile, preexec_fn=self.drop_privileges)
 
147
            extras.append(subprocess.Popen(['/usr/bin/dcopserver', '--nosid'],
 
148
                stdin=null, stdout=logfile, stderr=logfile,
 
149
                preexec_fn=self.drop_privileges))
130
150
 
131
151
        greeter = subprocess.Popen(program, stdin=null, stdout=logfile, stderr=logfile)
132
152
        ret = greeter.wait()