On 19/10/17 04:57, Jeff Mahoney wrote:
> In do_spawn, we call seteuid() prior to calling setegid() which means
> that, when we're using an unprivileged uid, we won't have permissions
> to set the effective group anymore.
>
> We also don't touch the group memberships so the permissions used to
> open the directory will include all of root's supplementary groups
> and none of the user's.
>
> This patch reverses the ordering and uses initgroups() to reset the
> supplementary groups to the unprivileged user's groups.
>
> Signed-off-by: Jeff Mahoney <jeffm@xxxxxxxx>
> --- > daemon/spawn.c | 15 +++++++++++++-- > 1 file changed, 13 insertions(+), 2 deletions(-) > > diff --git a/daemon/spawn.c b/daemon/spawn.c > index c640d97..62e9f02 100644 > --- a/daemon/spawn.c > +++ b/daemon/spawn.c > @@ -20,6 +20,7 @@ > #include <string.h> > #include <sys/types.h> > #include <dirent.h> > +#include <grp.h> > #include <time.h> > #include <poll.h> > #include <sys/wait.h> > @@ -195,8 +196,18 @@ static int do_spawn(unsigned logopt, unsigned int wait, > * program group to trigger mount > */ > if (euid) { > - seteuid(euid); > - setegid(egid); > + if (initgroups(rsv->user, egid) == -1)

I've changed this to use tsv as that's what it is in my source. Also I added a NULL check on tsv->user, it should be set but you never know. Other than that, thanks Jeff.

> + fprintf(stderr, > + "warning: initgroups: %s\n", > + strerror(errno)); > + if (setegid(egid) == -1) > + fprintf(stderr, > + "warning: setegid: %s\n", > + strerror(errno)); > + if (seteuid(euid) == -1) > + fprintf(stderr, > + "warning: seteuid: %s\n", > + strerror(errno)); > } > setpgrp(); > >
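
Review bot: In the do_spawn hunk, a failed initgroups(), setegid() or seteuid() only prints a warning and execution falls through to setpgrp(), so the code that follows can still run with root's supplementary groups or effective ids in place, which is the condition the commit message sets out to remove. Consider treating any of the three failures as fatal for this spawn rather than warning and continuing, and checking rsv->user for NULL before it is passed to initgroups(). The new warnings also use errno, and the visible include context of the first hunk shows no <errno.h>, so confirm it is already included elsewhere in spawn.c.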