authorJosé Bollo <jose.bollo@iot.bzh>2016-01-24 16:49:01 +0100
committerJosé Bollo <jose.bollo@iot.bzh>2016-01-24 16:49:01 +0100
commit7c903a4e1b6c9d0055e0877df3cba0ce01e83761 (patch)
treebf4f9112cccf949d657f208b86e2bf49eac5c4a5
parent8f35a2e49b95ace03015e0df02825e3f8e2f8572 (diff)
launch: counter effect of set-gid
Change-Id: I9430737c7d86cf6f7a14463f918af36314e41ec9 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
-rw-r--r--src/afm-launch.c24
-rw-r--r--src/afm-launch.h1
2 files changed, 24 insertions, 1 deletions
diff --git a/src/afm-launch.c b/src/afm-launch.c
index a66004b..f2a5065 100644
--- a/src/afm-launch.c
+++ b/src/afm-launch.c
@@ -104,6 +104,8 @@ struct launchparam {
const char **slave_args;
};
+static gid_t groupid = 0;
+
static char **instantiate_arguments(const char **args, struct afm_launch_desc *desc, struct launchparam *params)
{
const char **iter, *p, *v;
@@ -210,6 +212,10 @@ static int launchexec1(struct afm_launch_desc *desc, pid_t children[2], struct l
}
/********* in the master child ************/
+
+ /* avoid set-gid effect */
+ setresgid(groupid, groupid, groupid);
+
/* enter the process group */
rc = setpgid(0, 0);
if (rc) {
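Review bot: The return value of `setresgid(groupid, groupid, groupid)` in the master child is discarded, so a failed call lets the child carry on (and presumably exec the application) while still holding the set-gid group. A failed privilege drop should stop the launch, for example `if (setresgid(groupid, groupid, groupid)) _exit(1);`, with whatever logging the neighbouring `setpgid` failure branch uses. The same unchecked call is added to launchexec2 in the next hunk. The comment could also say that when `groupid` is `(gid_t)-1` the call leaves all three ids unchanged. launchexec1's body starts and ends outside this hunk.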
@@ -308,6 +314,9 @@ static int launchexec2(struct afm_launch_desc *desc, pid_t children[2], struct l
close(mpipe[0]);
close(spipe[1]);
+ /* avoid set-gid effect */
+ setresgid(groupid, groupid, groupid);
+
/* enter the process group */
rc = setpgid(0, 0);
if (rc) {
@@ -380,6 +389,18 @@ static int launchexec2(struct afm_launch_desc *desc, pid_t children[2], struct l
_exit(1);
}
+static void afm_launch_init_group()
+{
+ if (!groupid) {
+ gid_t r, e, s;
+ getresgid(&r, &e, &s);
+ if (s && s != e)
+ groupid = s;
+ else
+ groupid = -1;
+ }
+}
+
int afm_launch(struct afm_launch_desc *desc, pid_t children[2])
{
char datadir[PATH_MAX];
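Review bot: `afm_launch_init_group` reads the real gid into `r` but never uses it, and selects the saved gid `s` only when it is non-zero and differs from the effective gid. For a set-gid executable that has not changed its ids since exec, the saved gid normally equals the effective one, so `groupid` becomes `(gid_t)-1` and the later `setresgid` calls change nothing. The function therefore seems to depend on code outside this diff having switched the effective gid beforehand; a comment above it should state which id is meant to be restored and why, and if the aim is the invoking user's group then `r` looks like the value to use. The result of `getresgid` is also unchecked, and the definition would be better written as `static void afm_launch_init_group(void)`.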
@@ -387,6 +408,9 @@ int afm_launch(struct afm_launch_desc *desc, pid_t children[2])
char secret[9];
struct launchparam params;
+ /* static init */
+ afm_launch_init_group();
+
/* what launcher ? */
ikl = 0;
if (desc->type != NULL && *desc->type) {
diff --git a/src/afm-launch.h b/src/afm-launch.h
index c6aaf49..8990901 100644
--- a/src/afm-launch.h
+++ b/src/afm-launch.h
@@ -30,4 +30,3 @@ struct afm_launch_desc {
};
int afm_launch(struct afm_launch_desc *desc, pid_t children[2]);
-