From 7a873f87a2fe0c2f95dbe0788c3cb19e66ad46e0 Mon Sep 17 00:00:00 2001
From: Alberto Planas
Date: Tue, 12 Jul 2022 14:09:24 +0200
Subject: [PATCH] main: die when cannot drop privileges
If `run_as` parameter is set but the user is missing in the system, keylime will log an ERROR when trying to drop privileges, but continue the execution as the current user (usually `root`). This can be a security issue, as the agent is running "silently" as a privileged user. This commit stop the execution if an error is found when dropping privileges for the agent service, and present an `info!` message with the current user and group.
Signed-off-by: Alberto Planas
---
 src/main.rs | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/main.rs b/src/main.rs
index 7f8153e11..22f9548e5 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -411,13 +411,15 @@ async fn main() -> Result<()> {
 // Drop privileges
 if let Some(user_group) = &config.run_as {
- permissions::chown(user_group, &mount);
+ permissions::chown(user_group, &mount)
+ .expect("Error when changing directory ownership");
 if let Err(e) = permissions::run_as(user_group) {
 let message = "The user running the Keylime agent should be set in keylime.conf, using the parameter `run_as`, with the format `user:group`".to_string();
 error!("Configuration error: {}", &message);
 return Err(Error::Configuration(message));
 }
+ info!("Running the service as {}...", user_group);
 }
 info!("Starting server with API version {}...", API_VERSION);
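Review bot: The added `.expect("Error when changing directory ownership")` on `permissions::chown` stops the agent with a panic, while the `run_as` failure just below it logs through `error!` and returns `Err(Error::Configuration(..))` from `main`. Both paths fail closed, but the panic message may not reach the log stream operators watch for privilege-drop failures. Assuming `chown` returns the crate's `Result`, `permissions::chown(user_group, &mount)?;` preceded by an `error!` line would keep the two paths consistent. Separately, the new `info!` prints the configured `user_group` string rather than the effective uid/gid after the drop, so it records what was requested, not what was applied; a comment such as `// logs the configured identity, not the verified effective uid/gid` would make that explicit. `main` begins and ends outside this hunk.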