more: drop setuid permissions before executing anything
Pagers are not expected to have setuid or setgid bits, but assuming such mistake has taken place try to avoid privilege escalation. Signed-off-by: Sami Kerola <kerolasa@iki.fi>
This commit is contained in:
parent
474c61c0a8
commit
8fb5fe304a
|
@ -1118,6 +1118,13 @@ static void execute(struct more_control *ctl, char *filename, char *cmd, ...)
|
|||
}
|
||||
va_end(argp);
|
||||
|
||||
if (geteuid() != getuid() || getegid() != getgid()) {
|
||||
if (setuid(getuid()) < 0)
|
||||
err(EXIT_FAILURE, _("setuid failed"));
|
||||
if (setgid(getgid()) < 0)
|
||||
err(EXIT_FAILURE, _("setgid failed"));
|
||||
}
|
||||
|
||||
execvp(cmd, args);
|
||||
errsv = errno;
|
||||
fputs(_("exec failed\n"), stderr);
|
||||
|
|
Loading…
Reference in New Issue