On 06.05.2010 10:44, Karel Zak wrote:
> On Tue, May 04, 2010 at 10:03:42PM +0200, Martin Pohlack wrote:
>> here is a patch that drops potential euid privileges before exec'ing the
>> target program. This allows to setuid unshare.
>
> Applied a little different version (see below). Thanks.
>
>> diff --git a/sys-utils/unshare.c b/sys-utils/unshare.c >> index df75d17..1c25d71 100644 >> --- a/sys-utils/unshare.c >> +++ b/sys-utils/unshare.c >> @@ -113,6 +113,12 @@ int main(int argc, char *argv[]) >> if(-1 == unshare(unshare_flags)) >> err(EXIT_FAILURE, _("unshare failed")); >> >> + /* drop potential root euid/egid if we had been setuid'd */ >> + while (0 != setuid(getuid())) >> + ; >> + while (0 != setgid(getgid())) >> + ;
>
> I don't understand why you have while() here.

I was looking at
http://c-skills.blogspot.com/2008/01/evilness-of-setuidgetuid.html
and thought to catch EAGAIN with the while.

> Anyway, there is more serious problem -- you have to call
> setgid() before setuid(), otherwise saved-GID will be unchanged.
>
> For example read:
> https://www.securecoding.cert.org/confluence/display/seccode/POS36-C.+Observe+correct+revocation+order+while+relinquishing+privileges

Interesting, thanks for sharing.

Martin
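
Review bot: in the added lines setuid(getuid()) runs before setgid(getgid()), so by the time setgid() is called the process is no longer privileged and only the effective GID changes while the saved GID stays as it was; swap the order so the group is dropped first. The `while (0 != ...) ;` wrappers also retry on every error, not only EAGAIN, so an error that does not clear makes the program spin instead of stopping before the exec. A single checked call to each, exiting through err(EXIT_FAILURE, ...) the way the unshare() call just above does, fails closed.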