add paranoia checks on setuid/setgid

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
author: Denys Vlasenko <vda.linux@googlemail.com> 2009-12-14 16:00:28 +0100
committer: Denys Vlasenko <vda.linux@googlemail.com> 2009-12-14 16:00:28 +0100
commit: 5f3b126f3013cb78fa2e5a8beb935021e21d5c5d (patch)
tree: f73b2d969ade5cfdb353f76b11ac13555bd85b7c /src/Hooks
parent: 452013e2097aa985bf8c3f8296d00d189401eea3 (diff)
download: abrt-5f3b126f3013cb78fa2e5a8beb935021e21d5c5d.tar.gz
abrt-5f3b126f3013cb78fa2e5a8beb935021e21d5c5d.tar.xz
abrt-5f3b126f3013cb78fa2e5a8beb935021e21d5c5d.zip
1 files changed, 8 insertions, 3 deletions
diff --git a/src/Hooks/CCpp.cpp b/src/Hooks/CCpp.cpp
index fdb31a5c..fd789cfb 100644
--- a/src/Hooks/CCpp.cpp
+++ b/src/Hooks/CCpp.cpp
@@ -216,7 +216,7 @@ int main(int argc, char** argv)
         /* not an error, exit silently */
         return 0;
     }
-    if (pid <= 0 || uid < 0)
+    if (pid <= 0 || (int)uid < 0)
     {
         error_msg_and_die("pid '%s' or uid '%s' are bogus", argv[2], argv[4]);
     }
@@ -450,9 +450,14 @@ int main(int argc, char** argv)
  create_user_core:
     /* Write a core file for user */
 
+    struct passwd* pw = getpwuid(uid);
+    gid_t gid = pw ? pw->pw_gid : uid;
+    setgroups(1, &gid);
+    xsetregid(gid, gid);
+    xsetreuid(uid, uid);
+
     errno = 0;
-    if (setuid(uid) != 0
-     || user_pwd == NULL
+    if (user_pwd == NULL
      || chdir(user_pwd) != 0
     ) {
         perror_msg_and_die("can't cd to %s", user_pwd);
author	Denys Vlasenko <vda.linux@googlemail.com>	2009-12-14 16:00:28 +0100
committer	Denys Vlasenko <vda.linux@googlemail.com>	2009-12-14 16:00:28 +0100
commit	5f3b126f3013cb78fa2e5a8beb935021e21d5c5d (patch)
tree	f73b2d969ade5cfdb353f76b11ac13555bd85b7c /src/Hooks
parent	452013e2097aa985bf8c3f8296d00d189401eea3 (diff)
download	abrt-5f3b126f3013cb78fa2e5a8beb935021e21d5c5d.tar.gz abrt-5f3b126f3013cb78fa2e5a8beb935021e21d5c5d.tar.xz abrt-5f3b126f3013cb78fa2e5a8beb935021e21d5c5d.zip