]> git.ipfire.org Git - thirdparty/util-linux.git/commitdiff
projects / thirdparty / util-linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8ff8b02)
more: fix setuid/setgid order
authorKarel Zak <kzak@redhat.com>
Thu, 17 Jun 2021 10:21:04 +0000 (12:21 +0200)
committerKarel Zak <kzak@redhat.com>
Thu, 17 Jun 2021 10:21:04 +0000 (12:21 +0200)
The rule is pretty simple, always use setgid() before setuid().

Reported-by: Jan Pazdziora <jpazdziora@redhat.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
text-utils/more.c patch | blob | blame | history

diff --git a/text-utils/more.c b/text-utils/more.c
index ee42dffb9bc32a2e650ebd0858fb686b10899a33..3cb2ca3af38803d0a2948b5ea2aa44070d7c94fc 100644 (file)
--- a/text-utils/more.c
+++ b/text-utils/more.c
@@ -1250,10 +1250,10 @@ static void execute(struct more_control *ctl, char *filename, char *cmd, ...)
                va_end(argp);
 
                if (geteuid() != getuid() || getegid() != getgid()) {
-                       if (setuid(getuid()) < 0)
-                               err(EXIT_FAILURE, _("setuid failed"));
                        if (setgid(getgid()) < 0)
                                err(EXIT_FAILURE, _("setgid failed"));
+                       if (setuid(getuid()) < 0)
+                               err(EXIT_FAILURE, _("setuid failed"));
                }
 
                execvp(cmd, args);
Unnamed repository; edit this file 'description' to name the repository.