Agree, thanks for your solution!

Will this solution be part of the upstream code in the near future?

Thanks.

Ondrej

On Mon, Feb 8, 2021 at 5:06 PM Sergey Poznyakoff <g...@gnu.org.ua> wrote:

> FWIW, I'd rather propose something like that:
>
> diff --git a/lib/system.h b/lib/system.h
> index e7f531c..dffab86 100644
> --- a/lib/system.h
> +++ b/lib/system.h
> @@ -470,19 +470,37 @@ char *getenv ();
>  #if MSDOS
>  # include <process.h>
>  # define SET_BINARY_MODE(arc) setmode(arc, O_BINARY)
>  # define ERRNO_IS_EACCES errno == EACCES
>  # define mkdir(file, mode) (mkdir) (file)
>  # define TTY_NAME "con"
>  # define sys_reset_uid_gid()
>  #else
>  # define SET_BINARY_MODE(arc)
>  # define ERRNO_IS_EACCES 0
>  # define TTY_NAME "/dev/tty"
> -# define sys_reset_uid_gid()                                   \
> -  do {                                                         \
> -    if (! (setuid (getuid ()) == 0 && setgid (getgid ()) == 0)) \
> -      abort ();                                                        \
> -  } while (0)
> +# include <paxlib.h>
> +static inline void
> +sys_reset_uid_gid (void)
> +{
> +  struct passwd *pw;
> +  uid_t uid = getuid ();
> +  gid_t gid = getgid ();
> +
> +  if ((pw = getpwuid (uid)) == NULL)
> +    {
> +      FATAL_ERROR ((0, errno, "%s(%ld)", "getpwuid", (unsigned long)uid));
> +    }
> +  if (initgroups (pw->pw_name, getgid ()))
> +    {
> +      FATAL_ERROR ((0, errno, "%s", "initgroups"));
> +    }
> +  if (gid != getegid () && setgid (gid) && errno != EPERM)
> +    {
> +      FATAL_ERROR ((0, errno, "%s", "setgid"));
> +    }
> +  if (uid != geteuid () && setuid (uid) && errno != EPERM)
> +    {
> +      FATAL_ERROR ((0, errno, "%s", "setuid"));
> +    }
> +}
>  #endif
>
>  #if XENIX
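Review bot: The `setgid` and `setuid` checks treat `EPERM` as success, so when either call is refused the function returns with the effective ids still elevated and no diagnostic, whereas the removed macro aborted on any failure. If tolerating `EPERM` is intended, the result should be verified after both calls, e.g. `if (getegid () != gid || geteuid () != uid) FATAL_ERROR ((0, 0, "%s", "cannot drop privileges"));`. `initgroups` has no such exemption and normally needs privilege to change the supplementary groups, so an unprivileged caller presumably hits the fatal path there; the three checks should handle `EPERM` the same way. Separately, `getpwuid` can return NULL without setting `errno`, so `errno = 0;` belongs before the call, and `%ld` should be `%lu` to match the `(unsigned long)` cast.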
>
>
