Ticket #428 (enhancement)
Opened 3 years ago
Last modified 2 years ago
RFE: implement a "drop privileges" feature for CherryPy's embedded HTTP server
Status: closed (fixed)
| Reported by: | danc86@gmail.com | Assigned to: | rdelon |
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | CherryPy code | Keywords: | |
| Cc: | | | |
Would it be possible to add a feature whereby CherryPy (when using the embedded HTTP server) changes uid and gid to values specified in the configuration, after binding its listening socket? This would allow it to serve on privileged ports (e.g. 80) while running as an unprivileged user.
Attachments
Change History
01/27/06 18:03:24: Modified by anonymous
05/31/06 07:10:31: Modified by lawouach
I don't think it should be part of CP itself but it would be really interesting to port this recipe to the main documentation website.
08/12/06 03:23:17: Modified by fumanchu
Here's a lean and mean version:
```python
import cherrypy

def drop_privileges(new_user='nobody', new_group='nogroup'):
    """Drop privileges. UNIX only."""
    # Special thanks to Gavin Baker: http://antonym.org/node/100.
    import os, pwd, grp

    def names():
        # Current user and group names of this process.
        return pwd.getpwuid(os.getuid())[0], grp.getgrgid(os.getgid())[0]

    name, group = names()
    cherrypy.log('Started as %r/%r' % (name, group), "PRIV")

    if os.getuid() != 0:
        # We're not root so, like, whatever dude.
        cherrypy.log("Already running as %r" % name, "PRIV")
        return

    # Try setting the new uid/gid (from new_user/new_group).
    # The group is changed first, while the process is still root.
    try:
        os.setgid(grp.getgrnam(new_group)[2])
    except OSError as e:
        cherrypy.log('Could not set effective group id: %r' % e, "PRIV")

    try:
        os.setuid(pwd.getpwnam(new_user)[2])
    except OSError as e:
        cherrypy.log('Could not set effective user id: %r' % e, "PRIV")

    # Ensure a very conservative umask
    old_umask = os.umask(0o077)
    cherrypy.log('Old umask: %o, new umask: 077' % old_umask, "PRIV")
    cherrypy.log('Running as %r/%r' % names(), "PRIV")
```
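A fail-closed variant of the recipe above, as an added example (not code from this ticket or from CherryPy): it also clears supplementary groups, raises instead of continuing as root when a step fails, and checks that root cannot be regained. `drop_to`, `PrivilegeDropError` and `FakeOS` are hypothetical names; `FakeOS` is a constructed stand-in for `os` so the logic can be exercised without root.

```python
import grp
import os
import pwd

class PrivilegeDropError(RuntimeError):
    """The process could not be proven unprivileged; the caller should exit."""

def drop_to(uid, gid, sys_os=os):
    """Drop root to uid/gid, failing closed. Returns False if not root."""
    if sys_os.getuid() != 0:
        return False                      # nothing to drop
    try:
        sys_os.setgroups([])              # shed root's supplementary groups
        sys_os.setgid(gid)                # group first: needs root
        sys_os.setuid(uid)                # as root: real, effective, saved uid
    except OSError as exc:
        raise PrivilegeDropError("drop failed: %s" % exc)
    try:
        sys_os.setuid(0)                  # must fail after a complete drop
    except OSError:
        pass
    else:
        raise PrivilegeDropError("root could be regained")
    ids = (sys_os.getuid(), sys_os.getgid())
    if ids != (uid, gid) or not set(sys_os.getgroups()) <= {gid}:
        raise PrivilegeDropError("unexpected ids after drop")
    sys_os.umask(0o077)
    return True

def drop_privileges(new_user="nobody", new_group="nogroup", sys_os=os):
    """Resolve names while still root, then drop (defaults as in the ticket)."""
    uid, gid = pwd.getpwnam(new_user).pw_uid, grp.getgrnam(new_group).gr_gid
    return drop_to(uid, gid, sys_os)

class FakeOS:
    """Constructed stand-in for os, so the logic can run without root."""
    def __init__(self, uid=0, setgid_ok=True):
        self.uid, self.gid, self.groups = uid, 0, [0, 4, 27]
        self.mask, self.setgid_ok = 0o022, setgid_ok
    def getuid(self): return self.uid
    def getgid(self): return self.gid
    def getgroups(self): return list(self.groups)
    def umask(self, new): old, self.mask = self.mask, new; return old
    def _check(self, allowed):
        if not allowed:
            raise PermissionError(1, "Operation not permitted")
    def setgroups(self, g): self._check(self.uid == 0); self.groups = list(g)
    def setgid(self, g): self._check(self.uid == 0 and self.setgid_ok); self.gid = g
    def setuid(self, u): self._check(u == self.uid or self.uid == 0); self.uid = u
```

Call `drop_privileges()` only after the listening socket is bound, and treat `PrivilegeDropError` as fatal rather than logging it and serving anyway.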
08/26/06 16:14:06: Modified by fumanchu
- attachment droppriv.patch added.
New Engine.drop_privileges method
08/26/06 16:14:24: Modified by fumanchu
I've attached a patch which puts this feature into the Engine. You would still use it via on_start_engine_list, most likely, although it's callable whenever. Thoughts?
08/27/06 01:14:09: Modified by lawouach
If you feel this patch won't have sneaky security issues then I don't mind it being included. If there are potential security problems I am not sure we should take that risk.
08/28/06 14:12:20: Modified by fumanchu
- status changed from new to closed.
- resolution set to fixed.
Implemented in [1289].


Been there, googled a bit, found this: http://antonym.org/node/100 Should at least be referenced as a recipe.