From 8fb5fe304a20b12960422d8885647db7434f0d25 Mon Sep 17 00:00:00 2001
From: Sami Kerola <kerolasa@iki.fi>
Date: Wed, 18 Mar 2020 20:12:57 +0000
Subject: [PATCH] more: drop setuid permissions before executing anything

Pagers are not expected to have setuid or setgid bits, but assuming such
mistake has taken place try to avoid privilege escalation.

Signed-off-by: Sami Kerola <kerolasa@iki.fi>
---
 text-utils/more.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/text-utils/more.c b/text-utils/more.c
index f061e12fd2..f6a59e4868 100644
--- a/text-utils/more.c
+++ b/text-utils/more.c
@@ -1118,6 +1118,13 @@ static void execute(struct more_control *ctl, char *filename, char *cmd, ...)
 		}
 		va_end(argp);
 
+		if (geteuid() != getuid() || getegid() != getgid()) {
+			if (setuid(getuid()) < 0)
+				err(EXIT_FAILURE, _("setuid failed"));
+			if (setgid(getgid()) < 0)
+				err(EXIT_FAILURE, _("setgid failed"));
+		}
+
 		execvp(cmd, args);
 		errsv = errno;
 		fputs(_("exec failed\n"), stderr);
-- 
2.47.2