Bugfix.

Bug was revealed through manual integration testing. Checks used to be ran as unpriviledged user instead of the actual service command (duh~).
2019-06-10 00:39:15 +02:00 · 2019-06-10 00:39:15 +02:00 · fbeece112a
parent 15aa28ea86
commit fbeece112a
1 changed files with 7 additions and 7 deletions
--- a/src/service/service.cr
+++ b/src/service/service.cr
@ -143,13 +143,6 @@ class Service
 			puts "  - #{check.name}"

 			child = Process.fork do
-				@reference.user.try do |user|
-					unless System.become_user user
-						STDERR << "service: child could not setuid() to user '#{user}'.\n"
-						exit 1
-					end
-				end
-
 				Process.exec "sh", ["-c", evaluate check.command], output: Process::Redirect::Inherit, error: Process::Redirect::Inherit
 			end.wait

@ -171,6 +164,13 @@ class Service
 			LibC.dup2 stdout_file.fd, 1
 			LibC.dup2 stderr_file.fd, 2

+			@reference.user.try do |user|
+				unless System.become_user user
+					STDERR << "service: child could not setuid() to user '#{user}'.\n"
+					exit 1
+				end
+			end
+
 			Process.exec command, args, chdir: @reference.directory
 		end