]> granicus.if.org Git - shadow/commitdiff
projects / shadow / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f54a68a)
* libmisc/root_flag.c: Drop privileges before changing root. The
authornekral-guest <nekral-guest@5a98b0ae-9ef6-0310-add3-de5d479b70d7>
Fri, 11 Nov 2011 12:09:58 +0000 (12:09 +0000)
committernekral-guest <nekral-guest@5a98b0ae-9ef6-0310-add3-de5d479b70d7>
Fri, 11 Nov 2011 12:09:58 +0000 (12:09 +0000)
--root option should not be used by regular users for suid utils.
* libmisc/root_flag.c: Improve error messages.

ChangeLog patch | blob | history
libmisc/root_flag.c patch | blob | history

diff --git a/ChangeLog b/ChangeLog
index 95f131c8b3cb3b2ab26c2e14d264489c49839b30..43bb9765680d0ddcb28a7f5af179e0f510797177 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2011-11-11  Nicolas François  <nicolas.francois@centraliens.net>
+
+       * libmisc/root_flag.c: Drop privileges before changing root. The
+       --root option should not be used by regular users for suid utils.
+       * libmisc/root_flag.c: Improve error messages.
+
 2011-11-11  Nicolas François  <nicolas.francois@centraliens.net>
 
        * src/pwck.c: Compile fix for TCB.
diff --git a/libmisc/root_flag.c b/libmisc/root_flag.c
index 1d54fb3f1ea232e3ee2a052199829ae3094209a0..e8b3e28e5517521a43c61ad5e3a84f52bcf44db7 100644 (file)
--- a/libmisc/root_flag.c
+++ b/libmisc/root_flag.c
@@ -83,6 +83,14 @@ extern void process_root_flag (const char* short_opt, int argc, char **argv)
 
 static void change_root (const char* newroot)
 {
+       /* Drop privileges */
+       if (   (setregid (rgid, rgid) != 0)
+           || (setreuid (ruid, ruid) != 0)) {
+               fprintf (stderr, _("%s: failed to drop privileges (%s)\n"),
+                        Prog, strerror (errno));
+               exit (EXIT_FAILURE);
+       }
+
        if ('/' != newroot[0]) {
                fprintf (stderr,
                         _("%s: invalid chroot path '%s'\n"),
@@ -92,14 +100,14 @@ static void change_root (const char* newroot)
 
        if (access (newroot, F_OK) != 0) {
                fprintf(stderr,
-                       _("%s: chroot directory %s does not exist\n"),
-                       Prog, newroot);
+                       _("%s: cannot access chroot directory %s: %s\n"),
+                       Prog, newroot, strerror (errno));
                exit (E_BAD_ARG);
        }
        if (chroot (newroot) != 0) {
                fprintf(stderr,
-                       _("%s: unable to chroot to directory %s\n"),
-                       Prog, newroot);
+                       _("%s: unable to chroot to directory %s: %s\n"),
+                       Prog, newroot, strerror (errno));
                exit (E_BAD_ARG);
        }
 }
Unnamed repository; edit this file 'description' to name the repository.