Hi, here is a patch that drops potential euid privileges before exec'ing the target program. This allows unshare to be installed setuid. Signed-off-by: Martin Pohlack <mp26@xxxxxxxxxxxxxxxxxxxx>
diff --git a/sys-utils/unshare.c b/sys-utils/unshare.c
index df75d17..1c25d71 100644
--- a/sys-utils/unshare.c
+++ b/sys-utils/unshare.c
@@ -113,6 +113,12 @@ int main(int argc, char *argv[])
 if(-1 == unshare(unshare_flags))
 err(EXIT_FAILURE, _("unshare failed"));
 
+ /* drop potential root euid/egid if we had been setuid'd */
+ while (0 != setuid(getuid()))
+ ;
+ while (0 != setgid(getgid()))
+ ;
+
 execvp(argv[optind], argv + optind);
 
 err(EXIT_FAILURE, _("exec %s failed"), argv[optind]);
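Review bot: The empty `while` loops around `setuid(getuid())` and `setgid(getgid())` spin forever if the call keeps failing, so a persistent error leaves a process that still holds the elevated euid burning CPU instead of exiting. A failed drop should be checked once and treated as fatal, and the group should be dropped before the user so that `setgid` still runs with privilege and clears the saved set-group-ID as well: `if (setgid(getgid()) < 0) err(EXIT_FAILURE, _("cannot set group id"));` followed by `if (setuid(getuid()) < 0) err(EXIT_FAILURE, _("cannot set user id"));`. The `unshare(unshare_flags)` call above still runs with the elevated euid for whatever flags the caller passed. Whether those flags are restricted for a setuid install is decided in option parsing outside this hunk, so that needs confirming before the binary is installed setuid. main's body starts before the hunk.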