feat: tedge diag collect security enhancement

[rina23q]

Proposed changes

To enhance the security, if the process is run by root, the plugin must meet those conditions:

• owned by root
• not writable by other users

Otherwise, these files will be skipped.

warning: Skipping file: /setup/diag-plugins/owned_by_non_root.sh (not owned by root)
warning: Skipping file: /setup/diag-plugins/writable_by_other_users.sh (writable by non-root users)

(P.S. This is the last follow-up task for tedge diag collect!)

Types of changes

• Bugfix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Improvement (general improvements like code refactoring that doesn't explicitly fix a bug or add any new functionality)
• Documentation Update (if none of the other choices apply)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)

Paste Link to the issue

#3646

Checklist

• I have read the CONTRIBUTING doc
• I have signed the CLA (in all commits with git commit -s. You can activate automatic signing by running just prepare-dev once)
• I ran just format as mentioned in CODING_GUIDELINES
• I used just check as mentioned in CODING_GUIDELINES
• I have added tests that prove my fix is effective or that my feature works
• I have added necessary documentation (if appropriate)

Further comments

[codecov]

Codecov Report

Attention: Patch coverage is 60.60606% with 13 lines in your changes missing coverage. Please review.

Files with missing lines	Patch %	Lines
crates/core/tedge/src/cli/diag/collect.rs	60.60%	10 Missing and 3 partials ⚠️

📢 Thoughts on this report? Let us know!

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[github-actions]

Robot Results

✅ Passed	❌ Failed	⏭️ Skipped	Total	Pass %	⏱️ Duration
652	0	3	652	100	1h53m1.390300999s

[albinsuresh]

Do we really need the additional uzers crate to fetch the uid? Could have fetched it from MetadataExt, right?

[didier-wenzek]

Do we really need the additional uzers crate to fetch the uid? Could have fetched it from MetadataExt, right?

The point is to get the id of the current user, not the id of the file owner.

As two kinds of user id are used here, I would be explicit:

Suggested change

	if get_current_uid() == 0 {
	if uzers.get_current_uid() == 0 {

[rina23q]

The point is to get the id of the current user, not the id of the file owner.

This is correct.

Changed as suggested in 8b7b787

[albinsuresh]

I didn't really understand the reasoning behind this restriction. Even the one above. What if the normal user on the device created the script? Why reject that? Do we have similar restrictions for the software management plugins as well?

[didier-wenzek]

The goal is to prevent a user from misleading the root user, i.e. to write a malware script that would be executed with admin privileges by sudo tedge diag collect.

Software management plugins are not executed directly by the agent but delegated to sudo.

[didier-wenzek]

Do we really need the additional uzers crate to fetch the uid? Could have fetched it from MetadataExt, right?

The point is to get the id of the current user, not the id of the file owner.

As two kinds of user id are used here, I would be explicit:

Suggested change

	if get_current_uid() == 0 {
	if uzers.get_current_uid() == 0 {

[didier-wenzek]

Approved

[albinsuresh]

LGTM