unshare: drop potential euid privileges before exec

This patch drops potential euid privileges before executing the target
program. This allows to setuid unshare.

The unshare(1) is still distributed as non-setuid program.

Based on patch from Martin Pohlack <mp26@os.inf.tu-dresden.de>.

Signed-off-by: Karel Zak <kzak@redhat.com>

diff --git a/sys-utils/unshare.1 b/sys-utils/unshare.1
index 31fcfde7454396ae32a39afa77f19513a2c5dd23..06e4ac205e6afe84b0ad0e4ee527694a2c838266 100644 (file)
--- a/sys-utils/unshare.1
+++ b/sys-utils/unshare.1
@@ -47,6 +47,9 @@ Unshare the IPC namespace,
 .TP
 .BR \-n , " \-\-net"
 Unshare the network namespace.
+.SH NOTES
+The unshare command drops potential privileges before executing the
+target program. This allows to setuid unshare.
 .SH SEE ALSO
 unshare(2), clone(2)
 .SH BUGS

diff --git a/sys-utils/unshare.c b/sys-utils/unshare.c
index df75d1776cdcc8974cd2bbc62260309cd13d3948..6b6177c5427364aaecd3ca8ea8ec3a761ad14afe 100644 (file)
--- a/sys-utils/unshare.c
+++ b/sys-utils/unshare.c
@@ -113,6 +113,13 @@ int main(int argc, char *argv[])
        if(-1 == unshare(unshare_flags))
                err(EXIT_FAILURE, _("unshare failed"));
 
+       /* drop potential root euid/egid if we had been setuid'd */
+       if (setgid(getgid()) < 0)
+               err(EXIT_FAILURE, _("cannot set group id"));
+
+       if (setuid(getuid()) < 0)
+               err(EXIT_FAILURE, _("cannot set user id"));
+
        execvp(argv[optind], argv + optind);
 
        err(EXIT_FAILURE, _("exec %s failed"), argv[optind]);