main: die when cannot drop privileges
If `run_as` parameter is set but the user is missing in the system,
keylime will log an ERROR when trying to drop privileges, but continue
the execution as the current user (usually `root`).  This can be a
security issue, as the agent is running "silently" as a privileged user.

This commit stops the execution if an error is found when dropping
privileges for the agent service, and presents an `info!` message with
the current user and group.

Signed-off-by: Alberto Planas <[email protected]>
aplanas committed Jul 26, 2022
1 parent 2638a4d commit 7a873f8
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion src/main.rs
Expand Up @@ -411,13 +411,15 @@ async fn main() -> Result<()> {

// Drop privileges
if let Some(user_group) = &config.run_as {
permissions::chown(user_group, &mount);
permissions::chown(user_group, &mount)
.expect("Error when changing directory ownership");
if let Err(e) = permissions::run_as(user_group) {
let message = "The user running the Keylime agent should be set in keylime.conf, using the parameter `run_as`, with the format `user:group`".to_string();

error!("Configuration error: {}", &message);
return Err(Error::Configuration(message));
}
info!("Running the service as {}...", user_group);
}

info!("Starting server with API version {}...", API_VERSION);
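
Review bot: The added `.expect("Error when changing directory ownership")` on `permissions::chown(user_group, &mount)` panics on failure, while the `run_as` failure a few lines below logs with `error!` and returns `Err(Error::Configuration(message))`. Both are failures of the same privilege-drop step, so consider handling the chown error the same way (log it and return an error) so the agent exits through one path, and include `user_group` and the `mount` value in the message so the operator can see which ownership change failed. Also, the `e` bound in `if let Err(e) = permissions::run_as(user_group)` is not used in the visible lines; adding it to the `error!` output would show whether the user is missing or something else went wrong.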