Bug was revealed through manual integration testing. Checks used to be
ran as unpriviledged user instead of the actual service command (duh~).
This commit is contained in:
Luka Vandervelden 2019-06-10 00:39:15 +02:00
parent 15aa28ea86
commit fbeece112a

View File

@ -143,13 +143,6 @@ class Service
puts " - #{check.name}"
child = Process.fork do
@reference.user.try do |user|
unless System.become_user user
STDERR << "service: child could not setuid() to user '#{user}'.\n"
exit 1
end
end
Process.exec "sh", ["-c", evaluate check.command], output: Process::Redirect::Inherit, error: Process::Redirect::Inherit
end.wait
@ -171,6 +164,13 @@ class Service
LibC.dup2 stdout_file.fd, 1
LibC.dup2 stderr_file.fd, 2
@reference.user.try do |user|
unless System.become_user user
STDERR << "service: child could not setuid() to user '#{user}'.\n"
exit 1
end
end
Process.exec command, args, chdir: @reference.directory
end