diff options
Diffstat (limited to 'source/smbd/smbrun.c')
| -rw-r--r-- | source/smbd/smbrun.c | 75 |
1 files changed, 38 insertions, 37 deletions
diff --git a/source/smbd/smbrun.c b/source/smbd/smbrun.c index df12ae1f85c..d547c796e07 100644 --- a/source/smbd/smbrun.c +++ b/source/smbd/smbrun.c @@ -41,56 +41,57 @@ static void close_fds(void) /* -This is a wrapper around the system call to allow commands to run correctly +This is a wrapper around the system() call to allow commands to run correctly as non root from a program which is switching between root and non-root -It takes one argument as argv[1] and runs it after becoming a non-root -user -*/ -int main(int argc,char *argv[]) +It takes 3 arguments as uid,gid,command and runs command after +becoming a non-root user */ + int main(int argc,char *argv[]) { + int uid,gid; + close_fds(); - if (getuid() != geteuid()) - { - int uid,gid; - - if (getuid() == 0) - uid = geteuid(); - else - uid = getuid(); - - if (getgid() == 0) - gid = getegid(); - else - gid = getgid(); - + if (argc != 4) exit(2); + + uid = atoi(argv[1]); + gid = atoi(argv[2]); + + /* first become root - we may need to do this in order to lose + our privilages! */ #ifdef USE_SETRES - setresgid(0,0,0); - setresuid(0,0,0); - setresgid(gid,gid,gid); - setresuid(uid,uid,uid); + setresgid(0,0,0); + setresuid(0,0,0); #else - setuid(0); - seteuid(0); - setgid(gid); - setegid(gid); - setuid(uid); - seteuid(uid); + setuid(0); + seteuid(0); #endif - if (getuid() != uid) - return(3); - } +#ifdef USE_SETFS + setfsuid(uid); + setfsgid(gid); +#endif + +#ifdef USE_SETRES + setresgid(gid,gid,gid); + setresuid(uid,uid,uid); +#else + setgid(gid); + setegid(gid); + setuid(uid); + seteuid(uid); +#endif - if (geteuid() != getuid()) - return(1); - if (argc < 2) - return(2); + /* paranoia :-) */ + if (getuid() != uid) + return(3); + + if (geteuid() != getuid()) + return(4); /* this is to make sure that the system() call doesn't run forever */ alarm(30); - return(system(argv[1])); + return(system(argv[3])); } |