unixcreds: use euid instead of uid

This commit also eliminates call for `os/user.Current()`, which segfaults when glibc is statically linkedin. (moby/moby#29478) Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
AkihiroSuda · Dec 1, 2017 · a841b83 · a841b83
1 parent af6e749
commit a841b83
Showing 1 changed file with 6 additions and 23 deletions.
diff --git a/unixcreds.go b/unixcreds.go
@@ -5,8 +5,6 @@ package ttrpc
 import (
 	"context"
 	"net"
-	"os/user"
-	"strconv"
 	"syscall"
 
 	"github.com/pkg/errors"
@@ -44,37 +42,22 @@ func (fn UnixCredentialsFunc) Handshake(ctx context.Context, conn net.Conn) (net
 	return uc, ucred, nil
 }
 
-func UnixSocketRequireUidGid(uid, gid uint32) UnixCredentialsFunc {
+func UnixSocketRequireEuidEgid(euid, egid uint32) UnixCredentialsFunc {
 	return func(ucred *unix.Ucred) error {
-		return requireUidGid(ucred, uid, gid)
+		return requireEuidEgid(ucred, euid, egid)
 	}
 }
 
 func requireRoot(ucred *unix.Ucred) error {
-	return requireUidGid(ucred, 0, 0)
+	return requireEuidEgid(ucred, 0, 0)
 }
 
 func requireSameUser(ucred *unix.Ucred) error {
-	u, err := user.Current()
-	if err != nil {
-		return errors.Wrapf(err, "could not resolve current user")
-	}
-
-	uid, err := strconv.ParseUint(u.Uid, 10, 32)
-	if err != nil {
-		return errors.Wrapf(err, "failed to parse current user uid: %v", u.Uid)
-	}
-
-	gid, err := strconv.ParseUint(u.Gid, 10, 32)
-	if err != nil {
-		return errors.Wrapf(err, "failed to parse current user gid: %v", u.Gid)
-	}
-
-	return requireUidGid(ucred, uint32(uid), uint32(gid))
+	return requireEuidEgid(ucred, uint32(unix.Geteuid()), uint32(unix.Getegid()))
 }
 
-func requireUidGid(ucred *unix.Ucred, uid, gid uint32) error {
-	if (uid != ucred.Uid) || (gid != ucred.Gid) {
+func requireEuidEgid(ucred *unix.Ucred, euid, egid uint32) error {
+	if (euid != ucred.Uid) || (egid != ucred.Gid) {
 		return errors.Wrap(syscall.EPERM, "ttrpc: invalid credentials")
 	}
 	return nil