Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP2:Update
autofs.34435
autofs-5-1-3-fix-ordering-of-seteuid-setegid-in...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File autofs-5-1-3-fix-ordering-of-seteuid-setegid-in-do_spawn.patch of Package autofs.34435
From: Jeff Mahoney <jeffm@suse.com> Subject: autofs-5.1.3 - fix ordering of seteuid/setegid in do_spawn Patch-mainline: Submitted, http://www.spinics.net/lists/autofs/msg01749.html References: bsc#1062482 In do_spawn, We call seteuid() prior to calling setegid() which means that, when we're using an unprivileged uid, we won't have permissions to set the effective group anymore. We also don't touch the group memberships so the permissions used to open the directory will will include all of root's supplementary groups and none of the user's. This patch reverses the ordering and uses initgroups() to reset the supplementary groups to the unprivileged user's groups. Signed-off-by: Jeff Mahoney <jeffm@suse.com> --- daemon/spawn.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/daemon/spawn.c b/daemon/spawn.c index c640d97..62e9f02 100644 --- a/daemon/spawn.c +++ b/daemon/spawn.c @@ -20,6 +20,7 @@ #include <string.h> #include <sys/types.h> #include <dirent.h> +#include <grp.h> #include <time.h> #include <poll.h> #include <sys/wait.h> @@ -195,8 +196,18 @@ static int do_spawn(unsigned logopt, unsigned int wait, * program group to trigger mount */ if (euid) { - seteuid(euid); - setegid(egid); + if (initgroups(tsv->user, egid) == -1) + fprintf(stderr, + "warning: initgroups: %s\n", + strerror(errno)); + if (setegid(egid) == -1) + fprintf(stderr, + "warning: setegid: %s\n", + strerror(errno)); + if (seteuid(euid) == -1) + fprintf(stderr, + "warning: seteuid: %s\n", + strerror(errno)); } setpgrp();
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor