Re: [PATCH] util-linux-ng/sys-util/unshare.c: drop potential euid privs before exec*

On Tue, May 04, 2010 at 10:03:42PM +0200, Martin Pohlack wrote:
> here is a patch that drops potential euid privileges before exec'ing the
> target program.  This allows unshare to be installed setuid.

 Applied a slightly different version (see below). Thanks.

> diff --git a/sys-utils/unshare.c b/sys-utils/unshare.c
> index df75d17..1c25d71 100644
> --- a/sys-utils/unshare.c
> +++ b/sys-utils/unshare.c
> @@ -113,6 +113,12 @@ int main(int argc, char *argv[])
>  	if(-1 == unshare(unshare_flags))
>  		err(EXIT_FAILURE, _("unshare failed"));
>  
> +	/* drop potential root euid/egid if we had been setuid'd */
> +	while (0 != setuid(getuid()))
> +		;
> +	while (0 != setgid(getgid()))
> +		;
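Review bot: setuid(getuid()) runs before setgid(getgid()) at the end of this hunk; once the effective UID is no longer 0, setgid() is an unprivileged call that changes only the effective GID and leaves the saved set-group-ID where it was, so swap the two calls and drop the group first. The `while (0 != setuid(getuid())) ;` and `while (0 != setgid(getgid())) ;` loops also spin forever if the call keeps failing; test the return value once and exit with an error instead.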

 I don't understand why you have while() here.

 Anyway, there is a more serious problem -- you have to call
 setgid() before setuid(), otherwise the saved GID will be unchanged. 

 For example read:
 https://www.securecoding.cert.org/confluence/display/seccode/POS36-C.+Observe+correct+revocation+order+while+relinquishing+privileges

    Karel


From 3f1be691da4da51d3709ae26d4ad32edf163a195 Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@xxxxxxxxxx>
Date: Thu, 6 May 2010 09:59:16 +0200
Subject: [PATCH] unshare: drop potential euid privileges before exec

This patch drops potential euid privileges before executing the target
program. This allows unshare to be installed setuid.

The unshare(1) is still distributed as non-setuid program.

Based on patch from Martin Pohlack <mp26@xxxxxxxxxxxxxxxxxxxx>.

Signed-off-by: Karel Zak <kzak@xxxxxxxxxx>
---
 sys-utils/unshare.1 |    3 +++
 sys-utils/unshare.c |    7 +++++++
 2 files changed, 10 insertions(+), 0 deletions(-)

diff --git a/sys-utils/unshare.1 b/sys-utils/unshare.1
index 31fcfde..06e4ac2 100644
--- a/sys-utils/unshare.1
+++ b/sys-utils/unshare.1
@@ -47,6 +47,9 @@ Unshare the IPC namespace,
 .TP
 .BR \-n , " \-\-net"
 Unshare the network namespace.
+.SH NOTES
+The unshare command drops potential privileges before executing the
+target program. This allows to setuid unshare.
 .SH SEE ALSO
 unshare(2), clone(2)
 .SH BUGS
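Review bot: the new NOTES paragraph only says that unshare "drops potential privileges"; state what is dropped and when (the effective GID and UID are reset to the real ones, group first, after the namespaces have been unshared and before the target program is executed), and fix the ungrammatical "This allows to setuid unshare" to something like "This allows unshare to be installed setuid".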
diff --git a/sys-utils/unshare.c b/sys-utils/unshare.c
index df75d17..6b6177c 100644
--- a/sys-utils/unshare.c
+++ b/sys-utils/unshare.c
@@ -113,6 +113,13 @@ int main(int argc, char *argv[])
 	if(-1 == unshare(unshare_flags))
 		err(EXIT_FAILURE, _("unshare failed"));
 
+	/* drop potential root euid/egid if we had been setuid'd */
+	if (setgid(getgid()) < 0)
+		err(EXIT_FAILURE, _("cannot set group id"));
+
+	if (setuid(getuid()) < 0)
+		err(EXIT_FAILURE, _("cannot set user id"));
+
 	execvp(argv[optind], argv + optind);
 
 	err(EXIT_FAILURE, _("exec %s failed"), argv[optind]);
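Review bot: the order is right (setgid() before setuid()), but nothing confirms that the drop took effect before the user-supplied argv[optind] is exec'd; only a negative return value is caught. Add a check that geteuid() == getuid() and getegid() == getgid() before the execvp() and fail if it does not hold (CERT POS37-C), and note in the comment that supplementary groups are intentionally left alone since setgroups() is not called.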
-- 
1.6.6.1
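As an added example (not util-linux code and not from either patch in this thread), here is the same drop written for Linux with the ordering Karel asks for plus the verification step the applied patch skips. getresuid()/getresgid() are Linux-specific, and the program name and exec behaviour are assumptions of this example:

```c
/* Permanent privilege drop for a setuid/setgid wrapper, in the order the
 * thread settles on: group first, then user, then verify. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* for getresuid()/getresgid() on glibc */
#endif
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Prototypes repeated here so the block also compiles when a system header
 * was pulled in before _GNU_SOURCE was defined (Linux-specific calls). */
int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid);
int getresgid(gid_t *rgid, gid_t *egid, gid_t *sgid);

/* Return 1 when real, effective and saved UID/GID are all the real ones,
 * i.e. there is no saved ID left for seteuid()/setegid() to switch back to. */
int privileges_dropped(void)
{
    uid_t ruid, euid, suid;
    gid_t rgid, egid, sgid;

    if (getresuid(&ruid, &euid, &suid) < 0)
        return 0;
    if (getresgid(&rgid, &egid, &sgid) < 0)
        return 0;
    return ruid == euid && ruid == suid && rgid == egid && rgid == sgid;
}

/* Drop back to the invoking user. Group first: while euid is still 0,
 * setgid() is privileged and rewrites real, effective and saved GID. After
 * setuid(getuid()) the process is unprivileged and setgid() would only touch
 * the effective GID, leaving the saved set-group-ID behind (CERT POS36-C).
 * Supplementary groups are not touched: a setuid binary inherits the
 * caller's own list, so there is nothing to give back.
 * Returns 0 on success, -1 with errno set otherwise. */
int drop_privileges(void)
{
    if (setgid(getgid()) < 0)
        return -1;
    if (setuid(getuid()) < 0)
        return -1;
    /* CERT POS37-C: do not trust the return codes alone, check the result. */
    if (!privileges_dropped()) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

/* Stand-alone use (hypothetical binary name): ./drop-then-exec id -a */
int main(int argc, char *argv[])
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s program [args...]\n", argv[0]);
        return EXIT_FAILURE;
    }
    if (drop_privileges() < 0) {
        perror("cannot drop privileges");
        return EXIT_FAILURE;
    }
    execvp(argv[1], argv + 1);
    perror(argv[1]);
    return EXIT_FAILURE;
}
```

Run unprivileged, both calls are no-ops and the check passes; installed setuid root, `id -a` printed by the exec'd program shows only the invoking user's IDs. A temporary drop with seteuid()/setegid() is a different operation: it keeps the saved ID on purpose so privileges can be regained, which is exactly what the wrong order above leaves behind by accident.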
