authorKarel Zak2010-05-06 09:59:16 +0200
committerKarel Zak2010-05-06 09:59:16 +0200
commit3f1be691da4da51d3709ae26d4ad32edf163a195 (patch)
tree80aab90dc0aa5b723ff0b1cf9d196d6020410c24 /sys-utils/unshare.c
parentionice: non-cryptic error message when ionice can't execvp (diff)
unshare: drop potential euid privileges before exec
This patch drops potential euid privileges before executing the target program. This allows unshare to be installed setuid. unshare(1) is still distributed as a non-setuid program. Based on a patch from Martin Pohlack <mp26@os.inf.tu-dresden.de>. Signed-off-by: Karel Zak <kzak@redhat.com>
Diffstat (limited to 'sys-utils/unshare.c')
-rw-r--r--sys-utils/unshare.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/sys-utils/unshare.c b/sys-utils/unshare.c
index df75d1776..6b6177c54 100644
--- a/sys-utils/unshare.c
+++ b/sys-utils/unshare.c
@@ -113,6 +113,13 @@ int main(int argc, char *argv[])
if(-1 == unshare(unshare_flags))
err(EXIT_FAILURE, _("unshare failed"));
+ /* drop potential root euid/egid if we had been setuid'd */
+ if (setgid(getgid()) < 0)
+ err(EXIT_FAILURE, _("cannot set group id"));
+
+ if (setuid(getuid()) < 0)
+ err(EXIT_FAILURE, _("cannot set user id"));
+
execvp(argv[optind], argv + optind);
err(EXIT_FAILURE, _("exec %s failed"), argv[optind]);
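Review bot: The comment above `setgid(getgid())` does not record why the two calls sit exactly here, and a later reordering could undo the drop without anyone noticing. The drop has to come after `unshare(unshare_flags)`, which appears to be the only step that needs the elevated euid, and the group id is reset before the user id, the conventional order for giving up privileges. I would expand the comment to something like `/* unshare() above is the only privileged step; drop egid first, then euid, so the exec'd program runs with the caller's ids */`. Checking both return values is right, since a failed drop would otherwise exec the target with the elevated ids. On a setuid install the namespace flags are still chosen by the caller (option parsing is outside this hunk, as are the start and end of main()), so whoever sets the bit should treat the reachable flags as part of the privilege being granted.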