[lockdev-devel] [PATCH 3/4] also swap uids in case we're called by a setuid program

Tue Mar 2 09:22:24 UTC 2010

---
 src/lockdev.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/src/lockdev.c b/src/lockdev.c
index 3231ab0..d4319ce 100644
--- a/src/lockdev.c
+++ b/src/lockdev.c
@@ -943,8 +943,9 @@ static int _spawn_helper(const char * argv[])
 	dup2(fd, 1);
 	dup2(fd, 2);
 	close(fd);
-	/* Swap egid and gid for lockdev's access(2) device check. */
+	/* Swap real and effective ids for lockdev's access(2) device check. */
 	setregid(getegid(), getgid());
+	setreuid(geteuid(), getuid());
 	execv(argv[0], (char *const *)argv);
 	exit(-1);
     }
-- 
1.6.4.2


