more: drop setuid permissions before executing anything

Pagers are not expected to have setuid or setgid bits, but assuming such mistake has taken place try to avoid privilege escalation. Signed-off-by: Sami Kerola <kerolasa@iki.fi>
2020-03-18 20:12:57 +00:00 · 2020-03-18 20:12:57 +00:00 · 8fb5fe304a
parent 474c61c0a8
commit 8fb5fe304a
1 changed files with 7 additions and 0 deletions
--- a/text-utils/more.c
+++ b/text-utils/more.c
@ -1118,6 +1118,13 @@ static void execute(struct more_control *ctl, char *filename, char *cmd, ...)
 		}
 		va_end(argp);

+		if (geteuid() != getuid() || getegid() != getgid()) {
+			if (setuid(getuid()) < 0)
+				err(EXIT_FAILURE, _("setuid failed"));
+			if (setgid(getgid()) < 0)
+				err(EXIT_FAILURE, _("setgid failed"));
+		}
+
 		execvp(cmd, args);
 		errsv = errno;
 		fputs(_("exec failed\n"), stderr);