[lockdev-devel] [PATCH 3/4] also swap uids in case we're called by a setuid program
Ludwig Nussel
ludwig.nussel at suse.de
Tue Mar 2 09:22:24 UTC 2010
---
src/lockdev.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/src/lockdev.c b/src/lockdev.c
index 3231ab0..d4319ce 100644
--- a/src/lockdev.c
+++ b/src/lockdev.c
@@ -943,8 +943,9 @@ static int _spawn_helper(const char * argv[])
dup2(fd, 1);
dup2(fd, 2);
close(fd);
- /* Swap egid and gid for lockdev's access(2) device check. */
+ /* Swap real and effective ids for lockdev's access(2) device check. */
setregid(getegid(), getgid());
+ setreuid(geteuid(), getuid());
execv(argv[0], (char *const *)argv);
exit(-1);
}
--
1.6.4.2
More information about the lockdev-devel
mailing list