File autofs-5-1-3-fix-ordering-of-seteuid-setegid-in-do_spawn.patch of Package autofs.14028

From: Jeff Mahoney <jeffm@suse.com>
Subject: autofs-5.1.3 - fix ordering of seteuid/setegid in do_spawn
Git-commit: 6343a32920204b1a8f6935b7f40254e230cde155
Patch-mainline: 5.1.4
References: bsc#1062482

In do_spawn, We call seteuid() prior to calling setegid() which means
that, when we're using an unprivileged uid, we won't have permissions
to set the effective group anymore.

We also don't touch the group memberships so the permissions used to
open the directory will will include all of root's supplementary groups
and none of the user's.

This patch reverses the ordering and uses initgroups() to reset the
supplementary groups to the unprivileged user's groups.

Signed-off-by: Jeff Mahoney <jeffm@suse.com>
---
 daemon/spawn.c | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

--- a/daemon/spawn.c
+++ b/daemon/spawn.c
@@ -20,6 +20,7 @@
 #include <string.h>
 #include <sys/types.h>
 #include <dirent.h>
+#include <grp.h>
 #include <time.h>
 #include <poll.h>
 #include <sys/wait.h>
@@ -188,8 +189,18 @@ static int do_spawn(unsigned logopt, uns
 			 * program group to trigger mount
 			 */
 			if (euid) {
-				seteuid(euid);
-				setegid(egid);
+				if (initgroups(tsv->user, egid) == -1)
+					fprintf(stderr,
+						"warning: initgroups: %s\n",
+						strerror(errno));
+				if (setegid(egid) == -1)
+					fprintf(stderr,
+						"warning: setegid: %s\n",
+						strerror(errno));
+				if (seteuid(euid) == -1)
+					fprintf(stderr,
+						"warning: seteuid: %s\n",
+						strerror(errno));
 			}
 			setpgrp();
openSUSE Build Service is sponsored by