fix: drop privileges to original user when running with sudo #6
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![blink-so[bot]](https://avatars.githubusercontent.com/in/1271127?s=80&v=4){kind=small}
When jail is executed with sudo, the subprocess now runs as the original user instead of root. This is a minimal implementation that only handles privilege dropping without environment manipulation. Changes: - Linux: Check SUDO_UID/SUDO_GID and use syscall.Credential to drop privileges - macOS: Same privilege dropping logic, preserve original group behavior for non-sudo - Added proper error handling and debug logging Now 'sudo jail -- whoami' returns the original username instead of 'root'. Co-authored-by: f0ssel <[email protected]>
When running under sudo, the CA certificate was being stored in root's home directory but the subprocess (running as original user) couldn't access it, causing certificate verification errors. Now GetConfigDir() detects sudo execution and uses the original user's home directory, ensuring the subprocess can access the CA certificate. Fixes: curl: (77) error setting certificate verify locations Co-authored-by: f0ssel <[email protected]>
When running under sudo, the config directory was created by root but the subprocess runs as the original user, causing permission issues. Now the directory ownership is changed to the original user after creation, ensuring the subprocess can access certificate files. Co-authored-by: f0ssel <[email protected]>
When running under sudo, tools like claude couldn't find their config files because they were looking in root's HOME directory instead of the original user's home. This adds minimal environment restoration: - HOME: Set to original user's home directory - USER: Set to original username This allows user tools to find their configuration files while keeping the implementation clean and focused. Co-authored-by: f0ssel <[email protected]>
Some tools check LOGNAME instead of USER to determine the current user. Adding LOGNAME=original_user to ensure consistent user identity across all environment variables. Co-authored-by: f0ssel <[email protected]>
Previously, we were changing both UID and GID to the original user, which broke network jailing because the subprocess was no longer in the jail group that gets redirected through the proxy. Now we: - Change UID to original user (for correct user identity) - Keep GID as jail group (for network isolation) This maintains both user identity and network jailing functionality. Co-authored-by: f0ssel <[email protected]>
Since we're keeping the jail group instead of using the original user's group, we don't need to parse SUDO_GID anymore. Co-authored-by: f0ssel <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Problem
When jail is executed with
sudo, the subprocess runs as root instead of the original user:sudo jail -- whoami # Returns "root" instead of original usernameThis causes issues because:
Solution
This PR implements privilege dropping to make the subprocess run as the original user when jail is executed with sudo.
Implementation
Clean and Minimal Approach:
Linux (
network/linux.go):SUDO_UID/SUDO_GIDenvironment variablessyscall.Credentialto set subprocess UID/GIDmacOS (
network/macos.go):Usage
Testing
The implementation has been tested to ensure:
Benefits