swapon(8) is not expected to be a setuid binary, but if it is, try to avoid the obvious security vulnerability of executing a user-preferred mkswap file as someone else, such as root.

Signed-off-by: Sami Kerola <kerolasa@xxxxxx>

--- sys-utils/swapon.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/sys-utils/swapon.c b/sys-utils/swapon.c index 5ad5cd1..be8f771 100644 --- a/sys-utils/swapon.c +++ b/sys-utils/swapon.c @@ -297,6 +297,10 @@ static int swap_reinitialize(struct swapon_ctl *ctl) char const *cmd[7]; int idx=0; + if (geteuid() != getuid()) { + warnx(_("will not execute mkswap when swapon is setuid binary")); + return -1; + } warnx(_("%s: reinitializing the swap."), ctl->device); switch((pid=fork())) { -- 2.7.0
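Review bot: the new guard at the top of swap_reinitialize() compares only `geteuid()` with `getuid()`, so a set-group-ID installation of swapon would pass it and still reach the `fork()` that runs mkswap with the elevated group. Consider extending the condition to `geteuid() != getuid() || getegid() != getgid()` and rewording the warning so it covers both cases. Two smaller points on the same lines: the warning does not name `ctl->device`, unlike the "reinitializing the swap" message right after it, which makes the refusal harder to attribute when several swap areas are processed; and a blank line between the closing `}` and the following `warnx()` would keep the early return visually separate from the normal path.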