chroot: don't set bogus user-ID or group-ID for --u=U: or --u=:G

* src/chroot.c (main): Initialize both "uid" and "gid".  To -1.
This also allows one to set the user-ID or primary group-ID to 0,
in case it's not that already.
* tests/chroot/credentials: Test for the above.

diff --git a/src/chroot.c b/src/chroot.c
index dccddd72285d0dbaac4a3fb70713be0e879baec3..39b3acf03a7651a6a367944bd957c5f4b33f7f7c 100644 (file)
--- a/src/chroot.c
+++ b/src/chroot.c
@@ -202,8 +202,8 @@ main (int argc, char **argv)
 
   if (userspec)
     {
-      uid_t uid;
-      gid_t gid;
+      uid_t uid = -1;
+      gid_t gid = -1;
       char *user;
       char *group;
       char const *err = parse_user_spec (userspec, &uid, &gid, &user, &group);
@@ -223,13 +223,13 @@ main (int argc, char **argv)
           fail = true;
         }
 
-      if (gid && setgid (gid))
+      if (gid != (gid_t) -1 && setgid (gid))
         {
           error (0, errno, _("failed to set group-ID"));
           fail = true;
         }
 
-      if (uid && setuid (uid))
+      if (uid != (uid_t) -1 && setuid (uid))
         {
           error (0, errno, _("failed to set user-ID"));
           fail = true;

diff --git a/tests/chroot/credentials b/tests/chroot/credentials
index 23d66bd62431b9864bdecdf494230cd9d007de54..b76edea7dbc64e055d955cbb27d68250bd3e0c38 100755 (executable)
--- a/tests/chroot/credentials
+++ b/tests/chroot/credentials
@@ -40,4 +40,13 @@ test "$(chroot --userspec=$NON_ROOT_USERNAME:$NON_ROOT_GROUP / whoami)" != root
 test "$(chroot --userspec=$NON_ROOT_USERNAME:$NON_ROOT_GROUP --groups= / id -nG)"\
     = $NON_ROOT_GROUP || fail=1
 
+# Verify that when specifying only the user name we get the current
+# primary group ID.
+test "$(chroot --userspec=$NON_ROOT_USERNAME / id -g)" = "$(id -g)" \
+    || fail=1
+
+# Verify that when specifying only a group we get the current user ID
+test "$(chroot --userspec=:$NON_ROOT_GROUP / id -u)" = "$(id -u)" \
+    || fail=1
+
 Exit $fail