In do_spawn, we call seteuid() prior to calling setegid() which means that, when we're using an unprivileged uid, we won't have permissions to set the effective group anymore. We also don't touch the group memberships so the permissions used to open the directory will include all of root's supplementary groups and none of the user's. This patch reverses the ordering and uses initgroups() to reset the supplementary groups to the unprivileged user's groups. Signed-off-by: Jeff Mahoney <jeffm@xxxxxxxx> --- daemon/spawn.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/daemon/spawn.c b/daemon/spawn.c index c640d97..62e9f02 100644 --- a/daemon/spawn.c +++ b/daemon/spawn.c @@ -20,6 +20,7 @@ #include <string.h> #include <sys/types.h> #include <dirent.h> +#include <grp.h> #include <time.h> #include <poll.h> #include <sys/wait.h> @@ -195,8 +196,18 @@ static int do_spawn(unsigned logopt, unsigned int wait, * program group to trigger mount */ if (euid) { - seteuid(euid); - setegid(egid); + if (initgroups(tsv->user, egid) == -1) + fprintf(stderr, + "warning: initgroups: %s\n", + strerror(errno)); + if (setegid(egid) == -1) + fprintf(stderr, + "warning: setegid: %s\n", + strerror(errno)); + if (seteuid(euid) == -1) + fprintf(stderr, + "warning: seteuid: %s\n", + strerror(errno)); } setpgrp();
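Review bot: in the `if (euid)` block of do_spawn (second hunk), a failed initgroups(), setegid() or seteuid() only prints a warning and execution falls through to setpgrp(), so whatever follows still runs with root's effective uid, gid or supplementary groups, which is the condition the commit message sets out to remove. Treat a failure of any of the three calls as fatal for this spawn and bail out before setpgrp() instead of continuing. The warnings are written with fprintf(stderr, ...) even though do_spawn takes a logopt argument; sending them through the daemon's logging path would keep them visible when stderr is not attached. Also, tsv->user is passed to initgroups() with no check visible in this hunk, so confirm that tsv and tsv->user cannot be NULL whenever euid is non-zero.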