author | José Bollo <jose.bollo@iot.bzh> | 2016-01-24 16:49:01 +0100 |
---|---|---|
committer | José Bollo <jose.bollo@iot.bzh> | 2016-01-24 16:49:01 +0100 |
commit | 7c903a4e1b6c9d0055e0877df3cba0ce01e83761 (patch) | |
tree | bf4f9112cccf949d657f208b86e2bf49eac5c4a5 | |
parent | 8f35a2e49b95ace03015e0df02825e3f8e2f8572 (diff) |
launch: counter effect of set-gid
Change-Id: I9430737c7d86cf6f7a14463f918af36314e41ec9
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
-rw-r--r-- | src/afm-launch.c | 24 | ||||
-rw-r--r-- | src/afm-launch.h | 1 |
2 files changed, 24 insertions, 1 deletions
diff --git a/src/afm-launch.c b/src/afm-launch.c
index a66004b..f2a5065 100644
--- a/src/afm-launch.c
+++ b/src/afm-launch.c
@@ -104,6 +104,8 @@ struct launchparam {
 const char **slave_args;
 };
 
+static gid_t groupid = 0;
+
 static char **instantiate_arguments(const char **args, struct afm_launch_desc *desc, struct launchparam *params)
 {
 const char **iter, *p, *v;
@@ -210,6 +212,10 @@ static int launchexec1(struct afm_launch_desc *desc, pid_t children[2], struct l
 }
 
 /********* in the master child ************/
+
+ /* avoid set-gid effect */
+ setresgid(groupid, groupid, groupid);
+
 /* enter the process group */
 rc = setpgid(0, 0);
 if (rc) {
@@ -308,6 +314,9 @@ static int launchexec2(struct afm_launch_desc *desc, pid_t children[2], struct l
 close(mpipe[0]);
 close(spipe[1]);
 
+ /* avoid set-gid effect */
+ setresgid(groupid, groupid, groupid);
+
 /* enter the process group */
 rc = setpgid(0, 0);
 if (rc) {
@@ -380,6 +389,18 @@ static int launchexec2(struct afm_launch_desc *desc, pid_t children[2], struct l
 _exit(1);
 }
 
+static void afm_launch_init_group()
+{
+ if (!groupid) {
+ gid_t r, e, s;
+ getresgid(&r, &e, &s);
+ if (s && s != e)
+ groupid = s;
+ else
+ groupid = -1;
+ }
+}
+
 int afm_launch(struct afm_launch_desc *desc, pid_t children[2])
 {
 char datadir[PATH_MAX];
@@ -387,6 +408,9 @@ int afm_launch(struct afm_launch_desc *desc, pid_t children[2])
 char secret[9];
 struct launchparam params;
 
+ /* static init */
+ afm_launch_init_group();
+
 /* what launcher ? */
 ikl = 0;
 if (desc->type != NULL && *desc->type) {
diff --git a/src/afm-launch.h b/src/afm-launch.h
index c6aaf49..8990901 100644
--- a/src/afm-launch.h
+++ b/src/afm-launch.h
@@ -30,4 +30,3 @@ struct afm_launch_desc {
 };
 
 int afm_launch(struct afm_launch_desc *desc, pid_t children[2]);
-
|
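Review bot: The new file-scope `groupid` in src/afm-launch.c carries two sentinel values that are not documented at its declaration: `0` means "not yet computed", and `(gid_t)-1`, assigned in `afm_launch_init_group`, means "leave the group IDs unchanged", because setresgid() treats -1 as no change. I would add a comment on the declaration such as `/* gid applied to launched children; 0 = not initialised, (gid_t)-1 = leave unchanged */`. Using 0 as the "unset" marker also means a saved GID of 0 can never be selected, which the `s &&` test in the init function appears to rely on; that is worth stating too.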
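Review bot: The return value of `setresgid(groupid, groupid, groupid)` is ignored in the master child of `launchexec1`, and again in the identical call added to `launchexec2`. If the call fails, the child continues towards launching the application with the group IDs this commit is meant to shed. Treat a failure as fatal, in the same place and manner as the `setpgid` check that follows: `rc = setresgid(groupid, groupid, groupid);` then `if (rc) _exit(1);`, with whatever error logging the file already uses. Supplementary groups are not touched in the visible lines; whether they also need resetting depends on code outside the hunks. Both function bodies start and end outside their hunks.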
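Review bot: `afm_launch_init_group` picks the saved set-group-ID `s` whenever it differs from the effective one, and nothing in the function says why that ID is the right target. After exec of a set-gid binary the saved ID normally holds the file's group, so if `s != e` arises because the daemon lowered its effective GID, applying `s` to all three IDs in the child would keep the set-gid group rather than drop it. If the aim is to return to the invoking user's group, the real ID `r` is the usual source; it is fetched but unused, and the `getresgid` result is unchecked. Please confirm the intent and record it in a header comment. Smaller points: declare it `static void afm_launch_init_group(void)` and write the sentinel as `(gid_t)-1`.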