author | smitsohu <smitsohu@gmail.com> | 2019-03-16 23:28:25 +0100 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2019-03-16 23:28:25 +0100 |
commit | da89f57071591ad971d67532313e02ff738d91ac (patch) | |
tree | b09b23dbd111b9f3af43698a63df49fea94d4beb /src/firejail/no_sandbox.c | |
parent | Merge branch 'master' of https://github.com/netblue30/firejail (diff) | |
minor enhancement: added robustness for setres[gu]id function calls
Diffstat (limited to 'src/firejail/no_sandbox.c')
-rw-r--r-- | src/firejail/no_sandbox.c | 6 |
1 files changed, 2 insertions, 4 deletions
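--- a/src/firejail/no_sandbox.c
+++ b/src/firejail/no_sandbox.c
@@ -162,11 +162,9 @@ int check_kernel_procs(void) {
 void run_no_sandbox(int argc, char **argv) {
 EUID_ASSERT();
 // drop privileges
-gid_t gid = getgid();
-uid_t uid = getuid();
-if (setresgid(gid, gid, gid) != 0)
+if (setresgid(-1, getgid(), getgid()) != 0)
 errExit("setresgid");
-if (setresuid(uid, uid, uid) != 0)
+if (setresuid(-1, getuid(), getuid()) != 0)
 errExit("setresuid");
 
 // process limited subset of options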
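Review bot: The bare `-1` now passed as the real-ID argument to `setresgid()` and `setresuid()` in `run_no_sandbox` relies on an implicit int-to-unsigned conversion, and the `// drop privileges` comment does not say that it means "leave the real ID unchanged". I would spell it `(gid_t)-1` and `(uid_t)-1`, and extend the comment to something like `// drop privileges: keep the real IDs (-1), set effective and saved IDs to the real ones`. Stating that the saved IDs are overwritten too matters for later readers, since that is the part that stops the process from switching back; both return values are already checked, which is the important bit. The function body continues past the end of the hunk, so anything done after the option processing is not visible here.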