From edf6beb585dc38c365ccbdaae85756b2814e1329 Mon Sep 17 00:00:00 2001
From: Denys Vlasenko <vda.linux@googlemail.com>
Date: Mon, 11 Jan 2010 12:09:57 +0100
Subject: *: assorted fixes prompted by security analysis; more to come

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
---
 lib/Plugins/Mailx.cpp | 33 ++++++++-------------------------
 1 file changed, 8 insertions(+), 25 deletions(-)

(limited to 'lib/Plugins/Mailx.cpp')

diff --git a/lib/Plugins/Mailx.cpp b/lib/Plugins/Mailx.cpp
index 70eddb8..df33e84 100644
--- a/lib/Plugins/Mailx.cpp
+++ b/lib/Plugins/Mailx.cpp
@@ -39,33 +39,16 @@ CMailx::CMailx() :
 static void exec_and_feed_input(uid_t uid, const char* pText, char **pArgs)
 {
     int pipein[2];
-    pid_t child;
 
-    xpipe(pipein);
-    child = fork();
-    if (child == -1)
-    {
-        close(pipein[0]);
-        close(pipein[1]);
-        throw CABRTException(EXCEP_PLUGIN, "Can't fork");
-    }
-    if (child == 0)
-    {
-        close(pipein[1]);
-        xmove_fd(pipein[0], STDIN_FILENO);
-
-        struct passwd* pw = getpwuid(uid);
-        gid_t gid = pw ? pw->pw_gid : uid;
-        setgroups(1, &gid);
-        xsetregid(gid, gid);
-        xsetreuid(uid, uid);
-
-        execvp(pArgs[0], pArgs);
-        exit(1); /* exec failed */
-    }
+    pid_t child = fork_execv_on_steroids(
+		EXECFLG_INPUT | EXECFLG_QUIET | EXECFLG_SETGUID,
+                pArgs,
+                pipein,
+                /*unsetenv_vec:*/ NULL,
+                /*dir:*/ NULL,
+                uid);
 
-    close(pipein[0]);
-    safe_write(pipein[1], pText, strlen(pText));
+    full_write(pipein[1], pText, strlen(pText));
     close(pipein[1]);
 
     waitpid(child, NULL, 0); /* wait for command completion */
-- 
cgit