fix macos drop privs #231
fix macos drop privs #231
Conversation
phillyqueso
force-pushed
the
macos_drop_privs
branch
from
1cbede1 to
0a332e5
Compare
|
@phillyqueso run |
phillyqueso
force-pushed
the
macos_drop_privs
branch
from
0a332e5 to
4b67aa1
Compare
|
@phillyqueso so I have good news and bad news. The good news is that we fixed the CI issues on the master branch, and all you need to do here is merge in those changes. The bad news is that there are some mean merge conflicts here, as we just split the crate into a workspace, which should have been done long ago. |
No problem @Noah-Kennedy! I'll rebase and push the fix soon. |
phillyqueso
force-pushed
the
macos_drop_privs
branch
from
4b67aa1 to
5c6c137
Compare
| return Err(Error::DropPrivileges("NULL from getlogin".to_owned())); | ||
| #[cfg(target_os = "macos")] | ||
| { | ||
| let uname: &'static str = env!("USER"); |
There was a problem hiding this comment.
env!() retrieves the environment variable at compile time, is it expected? If I compile the code in one user, and use the binary in another user(or machine), the behavior is incorrect.
There was a problem hiding this comment.
Ahh crap, thanks for catching this.
There was a problem hiding this comment.
I'll open up a PR after I eat breakfast.
There was a problem hiding this comment.
Also, next time, it's much easier to track this if you create an issue to track the problem.
…to get user In #231 we accidentally started using a compile-time environment environment variable instead of a runtime one for dropping privileges on macos. This causes privilege drops to fail when the user who is running the program does not have the same username as the user who compiled the program. The solution here is to use the runtime variable instead.
… drop privileges (#297) In #231 we accidentally started using a compile-time environment environment variable instead of a runtime one for dropping privileges on macos. This causes privilege drops to fail when the user who is running the program does not have the same username as the user who compiled the program. The solution here is to use the runtime variable instead.
… drop privileges (cloudflare#297) In cloudflare#231 we accidentally started using a compile-time environment environment variable instead of a runtime one for dropping privileges on macos. This causes privilege drops to fail when the user who is running the program does not have the same username as the user who compiled the program. The solution here is to use the runtime variable instead.
fixes #205
references: