minor enhancement: added robustness for setres[gu]id function calls

author: smitsohu <smitsohu@gmail.com> 2019-03-16 23:28:25 +0100
committer: smitsohu <smitsohu@gmail.com> 2019-03-16 23:28:25 +0100
commit: da89f57071591ad971d67532313e02ff738d91ac (patch)
tree: b09b23dbd111b9f3af43698a63df49fea94d4beb /src/firejail/no_sandbox.c
parent: Merge branch 'master' of https://github.com/netblue30/firejail (diff)
download: firejail-da89f57071591ad971d67532313e02ff738d91ac.tar.gz
firejail-da89f57071591ad971d67532313e02ff738d91ac.tar.zst
firejail-da89f57071591ad971d67532313e02ff738d91ac.zip
1 files changed, 2 insertions, 4 deletions
diff --git a/src/firejail/no_sandbox.c b/src/firejail/no_sandbox.c
index 096f34cc5..dca36a4d8 100644
--- a/src/firejail/no_sandbox.c
+++ b/src/firejail/no_sandbox.c
@@ -162,11 +162,9 @@ int check_kernel_procs(void) {
 void run_no_sandbox(int argc, char **argv) {
        EUID_ASSERT();
        // drop privileges
-        gid_t gid = getgid();
+        if (setresgid(-1, getgid(), getgid()) != 0)
-        uid_t uid = getuid();
-        if (setresgid(gid, gid, gid) != 0)
                errExit("setresgid");
-        if (setresuid(uid, uid, uid) != 0)
+        if (setresuid(-1, getuid(), getuid()) != 0)
                errExit("setresuid");
        // process limited subset of options
author	smitsohu <smitsohu@gmail.com>	2019-03-16 23:28:25 +0100
committer	smitsohu <smitsohu@gmail.com>	2019-03-16 23:28:25 +0100
commit	da89f57071591ad971d67532313e02ff738d91ac (patch)
tree	b09b23dbd111b9f3af43698a63df49fea94d4beb /src/firejail/no_sandbox.c
parent	Merge branch 'master' of https://github.com/netblue30/firejail (diff)
download	firejail-da89f57071591ad971d67532313e02ff738d91ac.tar.gz firejail-da89f57071591ad971d67532313e02ff738d91ac.tar.zst firejail-da89f57071591ad971d67532313e02ff738d91ac.zip