Only seteuid/setegid if they differ from current values
authorMathieu Desnoyers <mathieu.desnoyers@efficios.com>
Wed, 21 Dec 2011 15:42:51 +0000 (10:42 -0500)
committerMathieu Desnoyers <mathieu.desnoyers@efficios.com>
Wed, 21 Dec 2011 15:42:51 +0000 (10:42 -0500)
According to seteuid(2):

       According to POSIX.1, seteuid() (setegid()) need not permit euid (egid)
       to be the same value as the current effective user (group) ID, and some
       implementations do not permit this.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
librunas/runas.c

index cbb70ee193469dfe35439b8735fcbdda9ebad938..1fc4116255b017ddeed25a2fa5dae414931b1e84 100644 (file)
@@ -148,15 +148,19 @@ int child_run_as(void *_data)
         * cannot attach to this process with, e.g. ptrace, nor map this
         * process memory.
         */
-       ret = setegid(data->gid);
-       if (ret < 0) {
-               perror("setegid");
-               exit(EXIT_FAILURE);
+       if (data->gid != getegid()) {
+               ret = setegid(data->gid);
+               if (ret < 0) {
+                       perror("setegid");
+                       exit(EXIT_FAILURE);
+               }
        }
-       ret = seteuid(data->uid);
-       if (ret < 0) {
-               perror("seteuid");
-               exit(EXIT_FAILURE);
+       if (data->uid != geteuid()) {
+               ret = seteuid(data->uid);
+               if (ret < 0) {
+                       perror("seteuid");
+                       exit(EXIT_FAILURE);
+               }
        }
        /*
         * Also set umask to 0 for mkdir executable bit.
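Review bot: The new guards `if (data->gid != getegid())` and `if (data->uid != geteuid())` compare and change only the effective IDs, and nothing visible in the hunk touches the real or saved IDs or the supplementary group list. If the caller is privileged, the child presumably keeps the inherited groups and a saved ID it could switch back to, so check whether the rest of child_run_as (which starts and ends outside this hunk) handles that with setgroups() or setresgid()/setresuid(). Because the set calls can now be skipped, a cheap post-condition after both blocks would make the drop fail closed: `if (getegid() != data->gid || geteuid() != data->uid) exit(EXIT_FAILURE);`. A one-line comment above the first guard would also keep the reason in the code: `/* POSIX allows seteuid()/setegid() to reject a no-op change, so skip it. */`.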