SystemServer: Ensure service drop privileges could fail only when root

If we try to launch a lazily-spawned service and the SystemServer as a (running --user) session leader is running with root permissions, then if it is instructed to drop the root permissions for a the new service then it will make sense to abort the entire spawn procedure if dropping of privileges failed. For other users, trying to change UID/GID to something else doesn't make sense (and will always actually fail) as we are already running in non root permissions, hence we don't attempt to do this anymore. It should be noted that if an explicit User configuration was actually specified for a Service to be used with, we would still try to login with the requested User option value, which would fail when running as non-root user. This is useful for example when trying to run the pro utility with pls to elevate to root permissions, but the session leader is still the same so trying to "drop" privileges to UID 0 doesn't make sense.
2025-07-27 15:47:45 +00:00 · 2023-05-24 21:55:17 +03:00 · 2023-05-24 21:55:17 +03:00 · 43903aa960
commit 43903aa960
parent 189af20294
2 changed files with 29 additions and 10 deletions
--- a/Userland/Services/SystemServer/Service.h
+++ b/Userland/Services/SystemServer/Service.h
@ -33,6 +33,8 @@ private:

    ErrorOr<void> determine_account(int fd);

+    ErrorOr<void> change_privileges();
+
    /// SocketDescriptor describes the details of a single socket that was
    /// requested by a service.
    struct SocketDescriptor {
@ -74,6 +76,7 @@ private:

    // The resolved user account to run this service as.
    Optional<Core::Account> m_account;
+    bool m_must_login { false };

    // For single-instance services, PID of the running instance of this service.
    pid_t m_pid { -1 };