enumerate platform with getresuid support

2022-09-10 14:05:32 +02:00 · 2022-09-10 14:05:32 +02:00 · edfd416ba4
parent a11d292902
commit edfd416ba4
3 changed files with 21 additions and 19 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -147,6 +147,7 @@ name = "arti-client"
 version = "0.6.0"
 dependencies = [
 "anyhow",
+ "cfg-if",
 "derive_builder_fork_arti",
 "derive_more",
 "directories",
--- a/crates/arti-client/Cargo.toml
+++ b/crates/arti-client/Cargo.toml
@ -53,6 +53,7 @@ dirfilter = ["tor-dirmgr/dirfilter"]
 error_detail = []

 [dependencies]
+cfg-if = "1.0.0"
 derive_builder = { version = "0.11.2", package = "derive_builder_fork_arti" }
 derive_more = "0.99"
 directories = "4"
--- a/crates/arti-client/src/util.rs
+++ b/crates/arti-client/src/util.rs
@ -37,10 +37,17 @@ impl<'a, T: StateMgr + 'a> StateMgrUnlockGuard<'a, T> {
 ///
 /// On non-unix platforms, this function always returns false.
 pub(crate) fn running_as_setuid() -> bool {
-    #[cfg(target_family = "unix")]
-    {
-        #[cfg(not(target_os = "macos"))]
-        {
+    cfg_if::cfg_if! {
+        // this is the exhaustive list of os where `getresuid` and `getresgid` are available
+        if #[cfg(any(target_os = "fuchsia",
+                     target_os = "linux",
+                     target_os = "l4re",
+                     target_os = "android",
+                     target_os = "emscripten",
+                     target_os = "freebsd",
+                     target_os = "dragonfly",
+                     target_os = "openbsd",
+                     ))] {
            // Use `libc` to find our real, effective, and saved UIDs and GIDs.
            //
            // On systems with setresuid, a caller can (and people sometimes do)
@ -63,17 +70,12 @@ pub(crate) fn running_as_setuid() -> bool {
            let same_resuid = resuid.iter().all(|uid| uid == &resuid[0]);
            let same_resgid = resgid.iter().all(|gid| gid == &resgid[0]);
            !(same_resuid && same_resgid)
-        }
-        #[cfg(target_os = "macos")]
-        {
-            // Unaccountably, MacOS lacks setresuid/setresgid, which were invented literally
-            // decades ago to save people navigating the almost-incomprehensible swamp that is
-            // the behaviour of set{,e,re}{u,g}id.
-            //
-            // MacOS does actually *have* the saved set-id - you just can't find out what it is.
-            // I *think* it is even possible to create a situation where ruid==euid != saveduid.
-            // But it is not possible to detect it (other than maybe by experimentally
-            // guessing that saved set-id is zero and trying to seteuid(0) - a bad move).
+        } else if #[cfg(any(target_family = "unix", target_os = "vxworks"))] {
+            // Some unix-like OS lacks setresuid/setresgid, while possibly still having a saved
+            // set-id, which we then can't query. I *think* it is even possible to create a
+            // situation where ruid==euid != saveduid.  But it is not possible to detect it
+            // (other than maybe by experimentally guessing that saved set-id is zero and trying
+            // to seteuid(0) - a bad move).
            //
            // So, use test for euid==ruid instead, which is about the best we can do.

@ -82,10 +84,8 @@ pub(crate) fn running_as_setuid() -> bool {
            let same_reuid = unsafe { libc::geteuid() == libc::getuid() };
            let same_regid = unsafe { libc::getegid() == libc::getgid() };
            !(same_reuid && same_regid)
+        } else {
+            false
        }
    }
-    #[cfg(not(target_family = "unix"))]
-    {
-        false
-    }
 }