diff options
author | Denys Vlasenko <vda.linux@googlemail.com> | 2009-12-14 16:00:28 +0100 |
---|---|---|
committer | Denys Vlasenko <vda.linux@googlemail.com> | 2009-12-14 16:00:28 +0100 |
commit | 5f3b126f3013cb78fa2e5a8beb935021e21d5c5d (patch) | |
tree | f73b2d969ade5cfdb353f76b11ac13555bd85b7c /src/Hooks | |
parent | 452013e2097aa985bf8c3f8296d00d189401eea3 (diff) | |
download | abrt-5f3b126f3013cb78fa2e5a8beb935021e21d5c5d.tar.gz abrt-5f3b126f3013cb78fa2e5a8beb935021e21d5c5d.tar.xz abrt-5f3b126f3013cb78fa2e5a8beb935021e21d5c5d.zip |
add paranoia checks on setuid/setgid
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat (limited to 'src/Hooks')
-rw-r--r-- | src/Hooks/CCpp.cpp | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/src/Hooks/CCpp.cpp b/src/Hooks/CCpp.cpp index fdb31a5c..fd789cfb 100644 --- a/src/Hooks/CCpp.cpp +++ b/src/Hooks/CCpp.cpp @@ -216,7 +216,7 @@ int main(int argc, char** argv) /* not an error, exit silently */ return 0; } - if (pid <= 0 || uid < 0) + if (pid <= 0 || (int)uid < 0) { error_msg_and_die("pid '%s' or uid '%s' are bogus", argv[2], argv[4]); } @@ -450,9 +450,14 @@ int main(int argc, char** argv) create_user_core: /* Write a core file for user */ + struct passwd* pw = getpwuid(uid); + gid_t gid = pw ? pw->pw_gid : uid; + setgroups(1, &gid); + xsetregid(gid, gid); + xsetreuid(uid, uid); + errno = 0; - if (setuid(uid) != 0 - || user_pwd == NULL + if (user_pwd == NULL || chdir(user_pwd) != 0 ) { perror_msg_and_die("can't cd to %s", user_pwd); |