Use setresuid/setresgid to drop privileges

author: kevlo <kevlo@FreeBSD.org> 2010-05-16 08:03:24 +0000
committer: kevlo <kevlo@FreeBSD.org> 2010-05-16 08:03:24 +0000
commit: 9100ea8887f05a87a102fb3749975a39b5117f2f (patch)
tree: e8298220934fc5f0c64a62e18cad9a0ef535283c /sbin
parent: 8de3c295cb9793e5cbc0aa556561fe9955d00b28 (diff)
download: FreeBSD-src-9100ea8887f05a87a102fb3749975a39b5117f2f.zip
FreeBSD-src-9100ea8887f05a87a102fb3749975a39b5117f2f.tar.gz
1 files changed, 8 insertions, 2 deletions
diff --git a/sbin/bsdlabel/bsdlabel.c b/sbin/bsdlabel/bsdlabel.c
index 9a6027c..7f05874 100644
--- a/sbin/bsdlabel/bsdlabel.c
+++ b/sbin/bsdlabel/bsdlabel.c
@@ -684,6 +684,8 @@ editit(void)
 	int pid, xpid;
 	int locstat, omask;
 	const char *ed;
+	uid_t uid;
+	gid_t gid;
 
 	omask = sigblock(sigmask(SIGINT)|sigmask(SIGQUIT)|sigmask(SIGHUP));
 	while ((pid = fork()) < 0) {
@@ -699,8 +701,12 @@ editit(void)
 	}
 	if (pid == 0) {
 		sigsetmask(omask);
-		setgid(getgid());
-		setuid(getuid());
+		gid = getgid();
+		if (setresgid(gid, gid, gid) == -1)
+			err(1, "setresgid");
+		uid = getuid();
+		if (setresuid(uid, uid, uid) == -1)
+			err(1, "setresuid");
 		if ((ed = getenv("EDITOR")) == (char *)0)
 			ed = DEFEDITOR;
 		execlp(ed, ed, tmpfil, (char *)0);
author	kevlo <kevlo@FreeBSD.org>	2010-05-16 08:03:24 +0000
committer	kevlo <kevlo@FreeBSD.org>	2010-05-16 08:03:24 +0000
commit	9100ea8887f05a87a102fb3749975a39b5117f2f (patch)
tree	e8298220934fc5f0c64a62e18cad9a0ef535283c /sbin
parent	8de3c295cb9793e5cbc0aa556561fe9955d00b28 (diff)
download	FreeBSD-src-9100ea8887f05a87a102fb3749975a39b5117f2f.zip FreeBSD-src-9100ea8887f05a87a102fb3749975a39b5117f2f.tar.gz