Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(916)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: tools/telemetry/telemetry/core/platform/posix_platform_backend.py

Issue 703203004: [telemetry] When launching an application elevated, check if it has NOPASSWD in sudoers. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Use sudo -l. Created 6 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « tools/telemetry/telemetry/core/platform/linux_platform_backend.py ('k') | tools/telemetry/telemetry/core/platform/profiler/perf_profiler.py » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: tools/telemetry/telemetry/core/platform/posix_platform_backend.py
diff --git a/tools/telemetry/telemetry/core/platform/posix_platform_backend.py b/tools/telemetry/telemetry/core/platform/posix_platform_backend.py
index 0ac77fe7ca37b8d2b14d0cac90d5ccfa68b57d5a..0f63632835b31838e314bba1fbfd5558639067ae 100644
--- a/tools/telemetry/telemetry/core/platform/posix_platform_backend.py
+++ b/tools/telemetry/telemetry/core/platform/posix_platform_backend.py
@@ -91,31 +91,40 @@ class PosixPlatformBackend(desktop_platform_backend.DesktopPlatformBackend):
assert isinstance(parameters, list), 'parameters must be a list'
args += parameters
- def IsSetUID(path):
- return (os.stat(path).st_mode & stat.S_ISUID) == stat.S_ISUID
+ def CanRunWithSudo(path):
+ if os.stat(path).st_mode & stat.S_ISUID == stat.S_ISUID:
+ return True
+
+ sudoers = subprocess.check_output(['/usr/bin/sudo', '-l'])
+ for line in sudoers.splitlines():
+ if re.match(r'\s*\(.+\) NOPASSWD: %s$' % path, line):
+ return True
+
+ return False
def IsElevated():
p = subprocess.Popen(
- ['sudo', '-nv'], stdin=subprocess.PIPE, stdout=subprocess.PIPE,
- stderr=subprocess.STDOUT)
+ ['/usr/bin/sudo', '-nv'], stdin=subprocess.PIPE,
+ stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
stdout = p.communicate()[0]
# Some versions of sudo set the returncode based on whether sudo requires
# a password currently. Other versions return output when password is
# required and no output when the user is already authenticated.
return not p.returncode and not stdout
- if elevate_privilege and not IsSetUID(application):
- args = ['sudo'] + args
+ if elevate_privilege and not CanRunWithSudo(application):
+ args = ['/usr/bin/sudo'] + args
if not IsElevated():
print ('Telemetry needs to run %s under sudo. Please authenticate.' %
application)
- subprocess.check_call(['sudo', '-v']) # Synchronously authenticate.
+ # Synchronously authenticate.
+ subprocess.check_call(['/usr/bin/sudo', '-v'])
prompt = ('Would you like to always allow %s to be run as the current '
'user without sudo? If so, Telemetry will '
'`sudo chmod +s %s`. (y/N)' % (application, application))
if raw_input(prompt).lower() == 'y':
- subprocess.check_call(['sudo', 'chmod', '+s', application])
+ subprocess.check_call(['/usr/bin/sudo', 'chmod', '+s', application])
stderror_destination = subprocess.PIPE
if logging.getLogger().isEnabledFor(logging.DEBUG):
« no previous file with comments | « tools/telemetry/telemetry/core/platform/linux_platform_backend.py ('k') | tools/telemetry/telemetry/core/platform/profiler/perf_profiler.py » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698