[Pkg-shadow-commits] r3573 - in upstream/trunk: . libmisc
Nicolas FRANÇOIS
nekral-guest at alioth.debian.org
Fri Nov 11 12:09:58 UTC 2011
Author: nekral-guest
Date: 2011-11-11 12:09:58 +0000 (Fri, 11 Nov 2011)
New Revision: 3573
Modified:
upstream/trunk/ChangeLog
upstream/trunk/libmisc/root_flag.c
Log:
* libmisc/root_flag.c: Drop privileges before changing root. The
--root option should not be used by regular users for suid utils.
* libmisc/root_flag.c: Improve error messages.
Modified: upstream/trunk/ChangeLog
===================================================================
--- upstream/trunk/ChangeLog 2011-11-11 12:00:05 UTC (rev 3572)
+++ upstream/trunk/ChangeLog 2011-11-11 12:09:58 UTC (rev 3573)
@@ -1,5 +1,11 @@
2011-11-11 Nicolas François <nicolas.francois at centraliens.net>
+ * libmisc/root_flag.c: Drop privileges before changing root. The
+ --root option should not be used by regular users for suid utils.
+ * libmisc/root_flag.c: Improve error messages.
+
+2011-11-11 Nicolas François <nicolas.francois at centraliens.net>
+
* src/pwck.c: Compile fix for TCB.
2011-11-11 Nicolas François <nicolas.francois at centraliens.net>
Modified: upstream/trunk/libmisc/root_flag.c
===================================================================
--- upstream/trunk/libmisc/root_flag.c 2011-11-11 12:00:05 UTC (rev 3572)
+++ upstream/trunk/libmisc/root_flag.c 2011-11-11 12:09:58 UTC (rev 3573)
@@ -83,6 +83,14 @@
static void change_root (const char* newroot)
{
+ /* Drop privileges */
+ if ( (setregid (rgid, rgid) != 0)
+ || (setreuid (ruid, ruid) != 0)) {
+ fprintf (stderr, _("%s: failed to drop privileges (%s)\n"),
+ Prog, strerror (errno));
+ exit (EXIT_FAILURE);
+ }
+
if ('/' != newroot[0]) {
fprintf (stderr,
_("%s: invalid chroot path '%s'\n"),
@@ -92,14 +100,14 @@
if (access (newroot, F_OK) != 0) {
fprintf(stderr,
- _("%s: chroot directory %s does not exist\n"),
- Prog, newroot);
+ _("%s: cannot access chroot directory %s: %s\n"),
+ Prog, newroot, strerror (errno));
exit (E_BAD_ARG);
}
if (chroot (newroot) != 0) {
fprintf(stderr,
- _("%s: unable to chroot to directory %s\n"),
- Prog, newroot);
+ _("%s: unable to chroot to directory %s: %s\n"),
+ Prog, newroot, strerror (errno));
exit (E_BAD_ARG);
}
}
More information about the Pkg-shadow-commits
mailing list