Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP5:GA
autofs.6209
autofs-5-1-3-fix-ordering-of-seteuid-setegid-in...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File autofs-5-1-3-fix-ordering-of-seteuid-setegid-in-do_spawn.patch of Package autofs.6209
From: Jeff Mahoney <jeffm@suse.com> Subject: autofs-5.1.3 - fix ordering of seteuid/setegid in do_spawn Git-commit: 6343a32920204b1a8f6935b7f40254e230cde155 Patch-mainline: 5.1.4 References: bsc#1062482 In do_spawn, We call seteuid() prior to calling setegid() which means that, when we're using an unprivileged uid, we won't have permissions to set the effective group anymore. We also don't touch the group memberships so the permissions used to open the directory will will include all of root's supplementary groups and none of the user's. This patch reverses the ordering and uses initgroups() to reset the supplementary groups to the unprivileged user's groups. Signed-off-by: Jeff Mahoney <jeffm@suse.com> --- daemon/spawn.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) --- a/daemon/spawn.c +++ b/daemon/spawn.c @@ -20,6 +20,7 @@ #include <string.h> #include <sys/types.h> #include <dirent.h> +#include <grp.h> #include <time.h> #include <poll.h> #include <sys/wait.h> @@ -188,8 +189,18 @@ static int do_spawn(unsigned logopt, uns * program group to trigger mount */ if (euid) { - seteuid(euid); - setegid(egid); + if (initgroups(tsv->user, egid) == -1) + fprintf(stderr, + "warning: initgroups: %s\n", + strerror(errno)); + if (setegid(egid) == -1) + fprintf(stderr, + "warning: setegid: %s\n", + strerror(errno)); + if (seteuid(euid) == -1) + fprintf(stderr, + "warning: seteuid: %s\n", + strerror(errno)); } setpgrp();
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor