Set real uid to root before calling sudo_edit() or run_command()

so that the monitor process is owned by root and not by the user.
Otherwise, on AIX at least, the monitor process shows up in ps as
belonging to the user (and can be killed by the user).

diff --git a/src/sudo.c b/src/sudo.c
index b8875afd0641f78cb611592aad7e117a8f354235..eb006a088f720b049c41932a0cf67edba932fe78 100644 (file)
--- a/src/sudo.c
+++ b/src/sudo.c
@@ -288,6 +288,8 @@ main(int argc, char *argv[], char *envp[])
            command_details.envp = user_env_out;
            if (ISSET(sudo_mode, MODE_BACKGROUND))
                SET(command_details.flags, CD_BACKGROUND);
+           /* Become full root (not just setuid) so user cannot kill us. */
+           (void) setuid(ROOT_UID);
            /* Restore coredumpsize resource limit before running. */
 #ifdef RLIMIT_CORE
            if (sudo_conf_disable_coredump())