MCPcopy
hub / github.com/celery/celery / _setuid

Function _setuid

celery/platforms.py:558–583  ·  view source on GitHub ↗
(uid, gid)

Source from the content-addressed store, hash-verified

556
557
558def _setuid(uid, gid):
559 # If GID isn't defined, get the primary GID of the user.
560 if not gid and pwd:
561 gid = pwd.getpwuid(uid).pw_gid
562 # Must set the GID before initgroups(), as setgid()
563 # is known to zap the group list on some platforms.
564
565 # setgid must happen before setuid (otherwise the setgid operation
566 # may fail because of insufficient privileges and possibly stay
567 # in a privileged group).
568 setgid(gid)
569 initgroups(uid, gid)
570
571 # at last:
572 setuid(uid)
573 # ... and make sure privileges cannot be restored:
574 try:
575 setuid(0)
576 except OSError as exc:
577 if exc.errno != errno.EPERM:
578 raise
579 # we should get here: cannot restore privileges,
580 # everything was fine.
581 else:
582 raise SecurityError(
583 'non-root user able to restore privileges after setuid.')
584
585
586if hasattr(_signal, 'setitimer'):

Callers 1

maybe_drop_privilegesFunction · 0.85

Calls 4

setgidFunction · 0.85
initgroupsFunction · 0.85
setuidFunction · 0.85
SecurityErrorClass · 0.85

Tested by

no test coverage detected