From 644832e59bf2c91ed39a644c0db55a3d2d54327f Mon Sep 17 00:00:00 2001 From: Zdenek Prikryl Date: Tue, 23 Jun 2009 16:08:14 +0200 Subject: security issues
---
 lib/Plugins/CCpp.cpp | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) (limited to 'lib/Plugins/CCpp.cpp')
diff --git a/lib/Plugins/CCpp.cpp b/lib/Plugins/CCpp.cpp
index cce3fb4..c11821e 100644
--- a/lib/Plugins/CCpp.cpp
+++ b/lib/Plugins/CCpp.cpp
@@ -34,7 +34,7 @@
 #include
 #include
 #include
-
+#include
 #include
 #include
 #include
@@ -144,7 +144,7 @@ void CAnalyzerCCpp::InstallDebugInfos(const std::string& pPackage)
 {
 if(FD_ISSET(pipeout[0], &rsfd))
 {
- int r = read(pipeout[0], buff, sizeof(buff));
+ int r = read(pipeout[0], buff, sizeof(buff) - 1);
 if (r <= 0)
 {
 quit = true;
@@ -377,6 +377,9 @@ void CAnalyzerCCpp::ExecVP(const char* pCommand, char* const pArgs[], const std:
 }
 if(child == 0)
 {
+ gid_t GID[1];
+ GID[0] = atoi(pUID.c_str());
+
 close(STDIN_FILENO);
 close(STDOUT_FILENO);
 close(STDERR_FILENO);
@@ -384,8 +387,9 @@ void CAnalyzerCCpp::ExecVP(const char* pCommand, char* const pArgs[], const std:
 dup2(pipeout[1], STDOUT_FILENO);
 close(pipeout[1]);
- setuid(atoi(pUID.c_str()));
- seteuid(atoi(pUID.c_str()));
+ setgroups(1, GID);
+ setregid(atoi(pUID.c_str()), atoi(pUID.c_str()));
+ setreuid(atoi(pUID.c_str()), atoi(pUID.c_str()));
 setsid();
 execvp(pCommand, pArgs);
@@ -408,7 +412,7 @@ void CAnalyzerCCpp::ExecVP(const char* pCommand, char* const pArgs[], const std:
 {
 if(FD_ISSET(pipeout[0], &rsfd))
 {
- int r = read(pipeout[0], buff, sizeof(buff));
+ int r = read(pipeout[0], buff, sizeof(buff) - 1);
 if (r <= 0)
 {
 quit = true;
-- cgit
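Review bot: The new `sizeof(buff) - 1` bound in InstallDebugInfos only protects anything if a terminator is written at `buff[r]` after the read, and that code lies outside this hunk. A one-line comment at the call would tie the two together, for example `// leave one byte for the '\0' stored at buff[r] below`. The identical change in the last hunk (ExecVP) deserves the same comment. If no terminator is stored after either read, the `- 1` is not enough by itself, which is worth confirming against the full function.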
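Review bot: `GID[0] = atoi(pUID.c_str());` takes the group ID from the user's numeric UID, and the `setregid()` call in the next hunk does the same. The child therefore runs in whichever group happens to share that number, which need not be the user's primary group. Looking the account up gives the right value: `struct passwd* pw = getpwuid(uid);` and then `GID[0] = pw->pw_gid;`, with a null check on `pw` and `<pwd.h>` included. The body of ExecVP starts and ends outside this hunk.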
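Review bot: The results of `setgroups()`, `setregid()` and `setreuid()` are discarded, so a failure in any of them lets the child reach `execvp()` with the parent's credentials. Those are presumably elevated, since the code is changing IDs at all. In addition, `atoi()` returns 0 for an empty or non-numeric `pUID`, which turns a malformed value into a request for uid 0. The sketch below parses the value once, rejects input that is not a plain number, and exits the child when any step of the drop fails. The rest of ExecVP is outside the hunk.

```cpp
close(pipeout[1]);

// Parse pUID once; atoi() turns malformed input into 0, i.e. root.
const char* s = pUID.c_str();
char* end = NULL;
const unsigned long id = strtoul(s, &end, 10);
const uid_t uid = static_cast<uid_t>(id);
// Reject non-numeric input, values that do not fit in uid_t, and
// (uid_t)-1, which setreuid() treats as "leave unchanged".
if (s[0] < '0' || s[0] > '9' || *end != '\0' ||
    uid != id || uid == static_cast<uid_t>(-1))
{
    _exit(127);
}
// Refuse to exec if any step of the privilege drop fails.
if (setgroups(1, GID) != 0 ||
    setregid(GID[0], GID[0]) != 0 ||
    setreuid(uid, uid) != 0)
{
    _exit(127);
}
// … unchanged: setsid(), execvp(pCommand, pArgs) …
```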