Let the map program run under the UID of the calling user. This enables the map program e.g. to access user credentials for obtaining a map.
---
 modules/lookup_program.c | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/modules/lookup_program.c b/modules/lookup_program.c
index 2457108..68700ce 100644
--- a/modules/lookup_program.c
+++ b/modules/lookup_program.c
@@ -244,6 +244,7 @@ int lookup_mount(struct autofs_point *ap, const char *name, int name_len, void *
 close(epipefd[1]);
 goto out_free;
 } else if (f == 0) {
+ struct thread_stdenv_vars *tsv;
 reset_signals();
 close(pipefd[0]);
 close(epipefd[0]);
@@ -255,6 +256,13 @@ int lookup_mount(struct autofs_point *ap, const char *name, int name_len, void *
 warn(ap->logopt,
 MODPREFIX "failed to set PWD to %s for map %s",
 ap->path, ctxt->mapname);
+ tsv = pthread_getspecific(key_thread_stdenv_vars);
+ if (tsv && tsv->uid != 0) {
+ /* Must use setuid() here because invoking bash will
+ * set euid = ruid otherwise
+ */
+ setuid(tsv->uid);
+ }
 execl(ctxt->mapname, ctxt->mapname, name, NULL);
 _exit(255); /* execl() failed */
 }
--
1.8.1
--
To unsubscribe from this list: send the line "unsubscribe autofs" in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
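Review bot: The added `setuid(tsv->uid);` just before `execl()` in the second hunk discards its return value, so if the call fails the map program is still executed with the daemon's full privileges. Only the UID is changed: the GID and supplementary groups stay those of the daemon, so even on success the program keeps the daemon's group memberships. Drop the groups first and refuse to exec on any failure, e.g. `if (setgroups(0, NULL) || setgid(tsv->gid) || setuid(tsv->uid)) _exit(255);` (this assumes `struct thread_stdenv_vars` also records the caller's gid, which the hunk does not show). `lookup_mount()` begins and ends outside this hunk.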