Handle missing user when installing setuid in meson_post_install.py

The logic that sets the dbus-daemon-launcher-helper setuid does not handle the case where the group named the same as the dbus_user does not exist. This makes the assumption that the primary group of the dbus_user has the same name as the dbus_user. This may not be the case. To remedy these issues, obtain the group id for dbus_user instead of attempting to retrieve the group id by name. To avoid a failure when the user does not exist, handle the KeyError exception from the pwd.getpwnam function by printing a warning and skipping the logic to set the binary setuid. Perform an additional check to ensure that the dbus_user's primary group has only a single member. Fail similarly if it has more than one member. Resolves: #492 Signed-off-by: Simon McVittie <smcv@collabora.com>
2026-01-05 13:40:24 +01:00 · 2024-03-06 08:32:34 -06:00 · 2024-03-06 08:32:34 -06:00 · b104667bd7
commit b104667bd7
parent 9091c40bf5
1 changed files with 25 additions and 1 deletions
--- a/meson_post_install.py
+++ b/meson_post_install.py
@ -88,11 +88,35 @@ def post_install_exe():
    daemon_launch_helper = get_target('dbus-daemon-launch-helper')
    if daemon_launch_helper:
        import grp
+        import pwd
        exe_name = os.path.basename(daemon_launch_helper['install_filename'][0])
        exe_path = abs_libexecdir / exe_name
        dbus_user = get_option('dbus_user')
        if os.getuid() == 0:
-            os.chown(exe_path, 0, grp.getgrnam(dbus_user).gr_gid)
+            dbus_user_data = None
+            try:
+                dbus_user_data = pwd.getpwnam(dbus_user)
+            except KeyError:
+                print('Not installing {0} binary setuid!'.format(exe_path))
+                print('The dbus_user {0} does not exist!'.format(dbus_user))
+                return
+
+            dbus_group_data = None
+            try:
+                dbus_group_data = grp.getgrgid(dbus_user_data.pw_gid)
+            except KeyError:
+                print('Not installing {0} binary setuid!'.format(exe_path))
+                print('The dbus_user\'s primary group {0} does not exist!'.format(dbus_user))
+                return
+
+            if len(dbus_group_data.gr_mem) > 1:
+                print('Not installing {0} binary setuid!'.format(exe_path))
+                print('The dbus_user\'s primary group {0} contains {1} members when it '
+                      'should only contain one!'
+                      .format(dbus_user, len(dbus_group_data.gr_mem)))
+                return
+            
+            os.chown(exe_path, 0, dbus_user_data.pw_gid)
            os.chmod(exe_path, stat.S_ISUID | stat.S_IXUSR | stat.S_IXGRP)
        else:
            print('Not installing {0} binary setuid!'.format(exe_path))