fix(unsafe-debt): remove runtime unsafe UID check and forbid unsafe code (RMN-37 RMN-38)

2026-02-24 10:20:25 +00:00 · 2026-02-24 10:20:25 +00:00 · 99bf8f29be
commit 99bf8f29be
parent 30d8a8b33b
5 changed files with 17 additions and 7 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -8041,7 +8041,6 @@ dependencies = [
 "image",
 "landlock",
 "lettre",
- "libc",
 "mail-parser",
 "matrix-sdk",
 "mime_guess",
--- a/Cargo.toml
+++ b/Cargo.toml
@ -179,10 +179,6 @@ wa-rs-tokio-transport = { version = "0.2", optional = true, default-features = f
 rppal = { version = "0.22", optional = true }
 landlock = { version = "0.4", optional = true }

-# Unix-specific dependencies (for root check, etc.)
-[target.'cfg(unix)'.dependencies]
-libc = "0.2"
-
 [features]
 default = []
 hardware = ["nusb", "tokio-serial"]
--- a/src/lib.rs
+++ b/src/lib.rs
@ -1,4 +1,5 @@
 #![warn(clippy::all, clippy::pedantic)]
+#![forbid(unsafe_code)]
 #![allow(
    clippy::assigning_clones,
    clippy::bool_to_int_with_if,
--- a/src/main.rs
+++ b/src/main.rs
@ -1,4 +1,5 @@
 #![warn(clippy::all, clippy::pedantic)]
+#![forbid(unsafe_code)]
 #![allow(
    clippy::assigning_clones,
    clippy::bool_to_int_with_if,
--- a/src/service/mod.rs
+++ b/src/service/mod.rs
@ -457,7 +457,7 @@ fn install_linux_systemd(config: &Config) -> Result<()> {
 /// Check if the current process is running as root (Unix only)
 #[cfg(unix)]
 fn is_root() -> bool {
-    unsafe { libc::getuid() == 0 }
+    current_uid() == Some(0)
 }

 #[cfg(not(unix))]
@ -465,6 +465,19 @@ fn is_root() -> bool {
    false
 }

+#[cfg(unix)]
+fn current_uid() -> Option<u32> {
+    let output = Command::new("id").arg("-u").output().ok()?;
+    if !output.status.success() {
+        return None;
+    }
+
+    String::from_utf8_lossy(&output.stdout)
+        .trim()
+        .parse::<u32>()
+        .ok()
+}
+
 /// Check if the zeroclaw user exists and has expected properties.
 /// Returns Ok if user doesn't exist (OpenRC will handle creation or fail gracefully).
 /// Returns error if user exists but has unexpected properties.
@ -1168,7 +1181,7 @@ mod tests {
    #[cfg(unix)]
    #[test]
    fn is_root_matches_system_uid() {
-        assert_eq!(is_root(), unsafe { libc::getuid() == 0 });
+        assert_eq!(is_root(), current_uid() == Some(0));
    }

    #[test]