Commit 32e9809c authored by Niels Möller's avatar Niels Möller
Browse files

* src/unix_user.c (do_read_file): Set the process gid, and reset

the supplimentary groups list, before opening the file.

Rev: src/unix_user.c:1.60
parent 41d40066
......@@ -513,10 +513,31 @@ do_read_file(struct lsh_user *u,
int fd;
close(out[0]);
if ( (me != user->super.uid) && (seteuid(user->super.uid) < 0) )
if (me != user->super.uid)
{
werror("unix_user.c: do_read_file: setuid failed %e\n", errno);
_exit(EXIT_FAILURE);
/* We need to change our persona. We can't change out real
* uid, though, as that might let user processes send
* signals to us. */
if (setgid(user->gid) < 0)
{
werror("unix_user.c: do_read_file: setgid failed %e\n", errno);
_exit(EXIT_FAILURE);
}
/* For simplicity, ignore the user's supplimentary groups.
* They shouldn't be needed to get access to files under
* ~/.lsh. */
if (setgroups(0, NULL) < 0)
{
werror("unix_user.c: do_read_file: setgroups failed %e\n", errno);
_exit(EXIT_FAILURE);
}
if (seteuid(user->super.uid) < 0)
{
werror("unix_user.c: do_read_file: seteuid failed %e\n", errno);
_exit(EXIT_FAILURE);
}
}
assert(user->super.uid == geteuid());
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment