]> git.ipfire.org Git - thirdparty/util-linux.git/commitdiff
projects / thirdparty / util-linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 474c61c)
more: drop setuid permissions before executing anything
authorSami Kerola <kerolasa@iki.fi>
Wed, 18 Mar 2020 20:12:57 +0000 (20:12 +0000)
committerSami Kerola <kerolasa@iki.fi>
Sat, 28 Mar 2020 07:55:58 +0000 (07:55 +0000)
Pagers are not expected to have setuid or setgid bits, but assuming such
mistake has taken place try to avoid privilege escalation.

Signed-off-by: Sami Kerola <kerolasa@iki.fi>
text-utils/more.c patch | blob | blame | history

diff --git a/text-utils/more.c b/text-utils/more.c
index f061e12fd277a74c98263768e17dff577bad4e5e..f6a59e48682d29a1fb231a3e8acbe65c14804127 100644 (file)
--- a/text-utils/more.c
+++ b/text-utils/more.c
@@ -1118,6 +1118,13 @@ static void execute(struct more_control *ctl, char *filename, char *cmd, ...)
                }
                va_end(argp);
 
+               if (geteuid() != getuid() || getegid() != getgid()) {
+                       if (setuid(getuid()) < 0)
+                               err(EXIT_FAILURE, _("setuid failed"));
+                       if (setgid(getgid()) < 0)
+                               err(EXIT_FAILURE, _("setgid failed"));
+               }
+
                execvp(cmd, args);
                errsv = errno;
                fputs(_("exec failed\n"), stderr);
Unnamed repository; edit this file 'description' to name the repository.