[61315] trunk/base/src/pextlib1.0/system.c
jmr at macports.org
jmr at macports.org
Tue Dec 8 08:47:31 PST 2009
Revision: 61315
http://trac.macports.org/changeset/61315
Author: jmr at macports.org
Date: 2009-12-08 08:47:28 -0800 (Tue, 08 Dec 2009)
Log Message:
-----------
set uid of processes started by the system proc to port's euid
Modified Paths:
--------------
trunk/base/src/pextlib1.0/system.c
Modified: trunk/base/src/pextlib1.0/system.c
===================================================================
--- trunk/base/src/pextlib1.0/system.c 2009-12-08 16:38:04 UTC (rev 61314)
+++ trunk/base/src/pextlib1.0/system.c 2009-12-08 16:47:28 UTC (rev 61315)
@@ -40,6 +40,7 @@
#include <paths.h>
#endif
+#include <sys/types.h>
#include <sys/wait.h>
#include <fcntl.h>
#include <stdlib.h>
@@ -79,6 +80,7 @@
int fline, pos, ret;
int osetsid = 0;
pid_t pid;
+ uid_t euid;
Tcl_Obj *tcl_result;
int read_failed, status;
@@ -128,6 +130,12 @@
if (setsid() == -1)
_exit(1);
}
+ /* drop privileges entirely for child */
+ if (getuid() == 0 && (euid = geteuid()) != 0) {
+ if (seteuid(0) || setuid(euid)) {
+ _exit(1);
+ }
+ }
/* XXX ugly string constants */
args[0] = "sh";
args[1] = "-c";
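Review bot: The privilege drop added just before the `args[0] = "sh";` setup changes only the user IDs, so the child shell keeps the parent's real and saved group IDs and its supplementary group list, which does not match the comment "drop privileges entirely". When port is started as root those are presumably root's groups, though how the parent sets its egid is not visible in this hunk. The groups should be dropped first, while the process is still root after `seteuid(0)`: add `gid_t egid = getegid();` at the top of the block and change the check to `if (seteuid(0) || setgroups(1, &egid) || setgid(egid) || setuid(euid)) {`. The enclosing function starts and ends outside the hunk, so any later re-check that root cannot be regained would have to be confirmed there.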