I'm trying to run a Juce based software under a specific user-id so I've set the standard setuid bit on the executable.
This fails since Juce::Thread and juce::Process change back the user ID to the effective user (who's launching the process).
I wouldn't expect a library to deal with user ID at all (or if it does, I would expect it restore the previous state correctly, so it's transparent to the user).
Also, this seems wrong currently:
- Code: Select all
void* threadEntryProc (void* value)
{
// New threads start off as root when running suid
Process::lowerPrivilege();
juce_threadEntryPoint (value);
return 0;
}
Here's an example code to show this:
- Code: Select all
#include <unistd.h>
#include <sys/types.h>
#include <pthread.h>
void * threadEntryProc(void * value)
{
printf("T e:%d, r:%d\n", geteuid(), getuid());
while (1);
}
int main(int a, char ** b)
{
printf("e:%d, r:%d\n", geteuid(), getuid());
setreuid (geteuid(), getuid());
printf("e:%d, r:%d\n", geteuid(), getuid());
pthread_t t;
pthread_create(&t, NULL, threadEntryProc, 0);
while(1);
return 0;
}
Gives (on setuid executable):
- Code: Select all
e:0, r:1000
e:1000, r:0
T e:1000, r:0
So clearly the thread uid and euid is the same as the process itself.
Said differently, changing the uid and euid in a thread changes for the whole process, thus losing the setuid permission given to the executable.
