From: Sami Kerola <kerolasa@iki.fi>
Date: Tue, 2 Feb 2016 13:40:10 +0000 (+0000)
Subject: swapon: do not run execvp() calls when swapon is setuid binary
X-Git-Tag: v2.28-rc1~123
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8843aa41a74b4d3b3dc69fee339d2e64cb5c778f;p=thirdparty%2Futil-linux.git

swapon: do not run execvp() calls when swapon is setuid binary

swapon(8) is not expected to be setuid binary, but if it is try to avoid
obvious security vulnerability of executing user preferred mkswap file as
someone else, such as root.

Signed-off-by: Sami Kerola <kerolasa@iki.fi>
---

diff --git a/sys-utils/swapon.c b/sys-utils/swapon.c
index 5ad5cd1f3b..be8f7718bb 100644
--- a/sys-utils/swapon.c
+++ b/sys-utils/swapon.c
@@ -297,6 +297,10 @@ static int swap_reinitialize(struct swapon_ctl *ctl)
 	char const *cmd[7];
 	int idx=0;
 
+	if (geteuid() != getuid()) {
+		warnx(_("will not execute mkswap when swapon is setuid binary"));
+		return -1;
+	}
 	warnx(_("%s: reinitializing the swap."), ctl->device);
 
 	switch((pid=fork())) {