From eac478dcfd6ab8f3eb1ed1acbcb872573da02a0f Mon Sep 17 00:00:00 2001
From: Karel Zak
Date: Thu, 11 Feb 2016 12:07:34 +0100
Subject: swapon: drop perms if setuid before call mkswap

Signed-off-by: Karel Zak <kzak@redhat.com>
---
 sys-utils/swapon.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

(limited to 'sys-utils/swapon.c')

diff --git a/sys-utils/swapon.c b/sys-utils/swapon.c
index 7d68c42d7..914e69ad4 100644
--- a/sys-utils/swapon.c
+++ b/sys-utils/swapon.c
@@ -295,10 +295,6 @@ static int swap_reinitialize(struct swapon_ctl *ctl)
 	char const *cmd[7];
 	int idx=0;
 
-	if (geteuid() != getuid()) {
-		warnx(_("will not execute mkswap when swapon is setuid binary"));
-		return -1;
-	}
 	warnx(_("%s: reinitializing the swap."), ctl->device);
 
 	switch ((pid=fork())) {
@@ -307,6 +303,14 @@ static int swap_reinitialize(struct swapon_ctl *ctl)
 		return -1;
 
 	case 0:	/* child */
+		if (geteuid() != getuid()) {
+			/* in case someone uses swapon as setuid binary */
+			if (setgid(getgid()) < 0)
+				exit(EXIT_FAILURE);
+			if (setuid(getuid()) < 0)
+				exit(EXIT_FAILURE);
+		}
+
 		cmd[idx++] = "mkswap";
 		if (ctl->label) {
 			cmd[idx++] = "-L";
-- 
cgit v1.2.3-55-g7522