diff options
author | Karel Zak | 2010-05-06 09:59:16 +0200 |
---|---|---|
committer | Karel Zak | 2010-05-06 09:59:16 +0200 |
commit | 3f1be691da4da51d3709ae26d4ad32edf163a195 (patch) | |
tree | 80aab90dc0aa5b723ff0b1cf9d196d6020410c24 /sys-utils/unshare.c | |
parent | ionice: non-cryptic error message when ionice can't execvp (diff) | |
download | kernel-qcow2-util-linux-3f1be691da4da51d3709ae26d4ad32edf163a195.tar.gz kernel-qcow2-util-linux-3f1be691da4da51d3709ae26d4ad32edf163a195.tar.xz kernel-qcow2-util-linux-3f1be691da4da51d3709ae26d4ad32edf163a195.zip |
unshare: drop potential euid privileges before exec
This patch drops potential euid privileges before executing the target
program. This allows to setuid unshare.
The unshare(1) is still distributed as non-setuid program.
Based on patch from Martin Pohlack <mp26@os.inf.tu-dresden.de>.
Signed-off-by: Karel Zak <kzak@redhat.com>
Diffstat (limited to 'sys-utils/unshare.c')
-rw-r--r-- | sys-utils/unshare.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/sys-utils/unshare.c b/sys-utils/unshare.c index df75d1776..6b6177c54 100644 --- a/sys-utils/unshare.c +++ b/sys-utils/unshare.c @@ -113,6 +113,13 @@ int main(int argc, char *argv[]) if(-1 == unshare(unshare_flags)) err(EXIT_FAILURE, _("unshare failed")); + /* drop potential root euid/egid if we had been setuid'd */ + if (setgid(getgid()) < 0) + err(EXIT_FAILURE, _("cannot set group id")); + + if (setuid(getuid()) < 0) + err(EXIT_FAILURE, _("cannot set user id")); + execvp(argv[optind], argv + optind); err(EXIT_FAILURE, _("exec %s failed"), argv[optind]); |