Projects/mysqladm-rs
12
2
Fork 0
Code Issues 44 Pull Requests Actions Packages Releases Activity

Add warning comments for functions running as SUID/SGID
Some checks failed
Build / check (push) Failing after 5m22s
Details
Build / build (push) Successful in 14m47s
Details
Build / docs (push) Successful in 15m41s
Details

Browse Source
This commit is contained in:
Oystein Kristoffer Tveit
2025-11-10 12:11:24 +09:00
parent d932b57aaa
commit c6d3bbca6f
4 changed files with 12 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/cli/mysql_admutils_compatibility/mysql_dbadm.rs
View File

@@ -143,6 +143,7 @@ pub struct EditPermArgs {
pub database: MySQLDatabase,
}
/// **WARNING:** This function may be run with elevated privileges.
pub fn main() -> anyhow::Result<()> {
let args: Args = Args::parse();

1
src/cli/mysql_admutils_compatibility/mysql_useradm.rs
View File

@@ -108,6 +108,7 @@ pub struct ShowArgs {
name: Vec<MySQLUser>,
}
/// **WARNING:** This function may be run with elevated privileges.
pub fn main() -> anyhow::Result<()> {
let args: Args = Args::parse();

2
src/core/bootstrap.rs
View File

@@ -59,6 +59,8 @@ fn will_connect_to_external_server(
/// Note that this function is also responsible for setting up logging,
/// because in the case of an internal server, we need to drop privileges
/// before we can initialize logging.
///
/// **WARNING:** This function may be run with elevated privileges.
pub fn bootstrap_server_connection_and_drop_privileges(
server_socket_path: Option<PathBuf>,
config: Option<PathBuf>,

11
src/main.rs
View File

@@ -106,9 +106,7 @@ enum ToplevelCommands {
MysqlUseradm,
}
// TODO: tag all functions that are run with elevated privileges with
// comments emphasizing the need for caution.
/// **WARNING:** This function may be run with elevated privileges.
fn main() -> anyhow::Result<()> {
#[cfg(feature = "mysql-admutils-compatibility")]
if handle_mysql_admutils_command()?.is_some() {
@@ -136,6 +134,7 @@ fn main() -> anyhow::Result<()> {
Ok(())
}
/// **WARNING:** This function may be run with elevated privileges.
fn handle_mysql_admutils_command() -> anyhow::Result<Option<()>> {
let argv0 = std::env::args().next().and_then(|s| {
PathBuf::from(s)
@@ -150,6 +149,7 @@ fn handle_mysql_admutils_command() -> anyhow::Result<Option<()>> {
}
}
/// **WARNING:** This function may be run with elevated privileges.
fn handle_server_command(args: &Args) -> anyhow::Result<Option<()>> {
match args.command {
Command::Server(ref command) => {
@@ -169,6 +169,7 @@ fn handle_server_command(args: &Args) -> anyhow::Result<Option<()>> {
}
}
/// **WARNING:** This function may be run with elevated privileges.
fn handle_generate_completions_command(args: &Args) -> anyhow::Result<Option<()>> {
match args.command {
Command::GenerateCompletions(ref completion_args) => {
@@ -199,6 +200,7 @@ fn handle_generate_completions_command(args: &Args) -> anyhow::Result<Option<()>
}
}
/// Start a long-lived server using Tokio.
fn tokio_start_server(
server_socket_path: Option<PathBuf>,
config_path: Option<PathBuf>,
@@ -214,6 +216,9 @@ fn tokio_start_server(
})
}
/// Run the given commmand (from the client side) using Tokio.
///
/// **WARNING:** This function may be run with elevated privileges.
fn tokio_run_command(command: Command, server_connection: StdUnixStream) -> anyhow::Result<()> {
tokio::runtime::Builder::new_current_thread()
.enable_all()