diff options
author | Rian Hunter | 2018-10-13 04:45:06 +0200 |
---|---|---|
committer | Karel Zak | 2018-11-30 10:25:04 +0100 |
commit | e101a9eb0fab6725e0a239a92f9b50822c494a3e (patch) | |
tree | 9866e49f670b8054bfe6fe171a98e49ee1e70097 /libmount/src/context_umount.c | |
parent | blkid: fix usage() (diff) | |
download | kernel-qcow2-util-linux-e101a9eb0fab6725e0a239a92f9b50822c494a3e.tar.gz kernel-qcow2-util-linux-e101a9eb0fab6725e0a239a92f9b50822c494a3e.tar.xz kernel-qcow2-util-linux-e101a9eb0fab6725e0a239a92f9b50822c494a3e.zip |
lib/canonicalize: do restricted canonicalize in a subprocess
Accessing FUSE mounts require suid/sgid (saved uid) to be equal to the
owner of the mount. If mount is running as a setuid process, swapping
creds by only setting the euid/egid isn't enough to change the
suid/sgid as well. We must do a full setuid()/setgid(), but that
removes our ability to re-assume the identity of the original
euid. The solution is swap creds in a child process, preserving the
creds of the parent.
[kzak@redhat.com: - use switch() rather than if() for fork
- use all-io.h
- close unused pipe[] ends
- be more strict about used types]
Addresses: https://github.com/karelzak/util-linux/pull/705
Co-Author: Karel Zak <kzak@redhat.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
Diffstat (limited to 'libmount/src/context_umount.c')
0 files changed, 0 insertions, 0 deletions