diff options
author | Karel Zak | 2010-05-06 09:59:16 +0200 |
---|---|---|
committer | Karel Zak | 2010-05-06 09:59:16 +0200 |
commit | 3f1be691da4da51d3709ae26d4ad32edf163a195 (patch) | |
tree | 80aab90dc0aa5b723ff0b1cf9d196d6020410c24 /sys-utils/unshare.1 | |
parent | ionice: non-cryptic error message when ionice can't execvp (diff) | |
download | kernel-qcow2-util-linux-3f1be691da4da51d3709ae26d4ad32edf163a195.tar.gz kernel-qcow2-util-linux-3f1be691da4da51d3709ae26d4ad32edf163a195.tar.xz kernel-qcow2-util-linux-3f1be691da4da51d3709ae26d4ad32edf163a195.zip |
unshare: drop potential euid privileges before exec
This patch drops potential euid privileges before executing the target
program. This allows to setuid unshare.
The unshare(1) is still distributed as non-setuid program.
Based on patch from Martin Pohlack <mp26@os.inf.tu-dresden.de>.
Signed-off-by: Karel Zak <kzak@redhat.com>
Diffstat (limited to 'sys-utils/unshare.1')
-rw-r--r-- | sys-utils/unshare.1 | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/sys-utils/unshare.1 b/sys-utils/unshare.1 index 31fcfde74..06e4ac205 100644 --- a/sys-utils/unshare.1 +++ b/sys-utils/unshare.1 @@ -47,6 +47,9 @@ Unshare the IPC namespace, .TP .BR \-n , " \-\-net" Unshare the network namespace. +.SH NOTES +The unshare command drops potential privileges before executing the +target program. This allows to setuid unshare. .SH SEE ALSO unshare(2), clone(2) .SH BUGS |