On Thu, Apr 25, 2013 at 09:11:40PM +0200, Richard Weinberger wrote:
> + if (namespaces & CLONE_NEWUSER) { > + if (set_uid) > + if (setuid(uid) < 0) > + err(EXIT_FAILURE, _("setuid failed")); > + if (set_gid) > + if (setgid(gid) < 0) > + err(EXIT_FAILURE, _("setgid failed"));

Ah.. we made a bug here, it has to be in reverse order (gid and then uid).

Another question is what about supplementary groups? Do we care about them? If yes, we need initgroups(), otherwise it would probably be better to drop all by setgroups(0, NULL).

I guess it's over-engineering to try to reimplement su(1) within nsenter, so dropping the supplementary groups is the right way.

    Karel

--
 Karel Zak <kzak@xxxxxxxxxx>
 http://karelzak.blogspot.com
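
Review bot: in the CLONE_NEWUSER block, setuid(uid) runs before setgid(gid), so once the UID has been switched to an unprivileged one the process may no longer be permitted to change its GID and the setgid() call can fail; call setgid() first and setuid() last. Nothing in the hunk touches the supplementary group list, so the process keeps the caller's groups after the switch; a setgroups(0, NULL) ahead of setgid() would clear them. As a style point, the nested unbraced conditions (`if (set_uid)` followed by `if (setuid(uid) < 0)`) would read more clearly as one test, for example `if (set_uid && setuid(uid) < 0)`.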