author | Daniel Wagner-Hall <danielwh@google.com> | 2015-05-07 18:48:38 +0000 |
---|---|---|
committer | Han-Wen Nienhuys <hanwen@google.com> | 2015-05-08 16:59:17 +0000 |
commit | 2ef5ec5116341362294b5c3407748b6387e76093 (patch) | |
tree | 833ccffbf8358a4830ea98bca79e0336b5dffe23 /src/main/tools | |
parent | 73ad1482a1d99b9acd14f4545ff11671d87ec4e1 (diff) |
If effective user id != user id, force us to act as the effective user id
/bin/bash clobbers euid with uid, which is undesirable when process-wrapper is a setuid binary being used for isolation.
--
MOS_MIGRATED_REVID=93051178
Diffstat (limited to 'src/main/tools')
-rw-r--r-- | src/main/tools/process-wrapper.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/src/main/tools/process-wrapper.c b/src/main/tools/process-wrapper.c index 5aff63cb46..a6c66012ae 100644 --- a/src/main/tools/process-wrapper.c +++ b/src/main/tools/process-wrapper.c @@ -152,6 +152,18 @@ int main(int argc, char *argv[]) { DIE("Not enough cmd line arguments to process-wrapper"); } + int uid = getuid(); + int euid = geteuid(); + if (uid != euid) { + // Switch completely to the target uid. + // Some programs (notably, bash) ignore the euid and just use the uid. This + // limits the ability for us to use process-wrapper as a setuid binary for + // security/user-isolation. + if (setreuid(euid, euid) != 0) { + DIE("changing uid failed: setreuid"); + } + } + // Parse the cmdline args to get the timeout and redirect files. argv++; double timeout; |
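Review bot: The new block in main() switches only the user IDs with `setreuid(euid, euid)` and leaves the group side untouched, so when process-wrapper runs as a setuid binary the wrapped command still carries the invoking user's real gid and supplementary groups. If the isolation is meant to cover group access as well, handle the group IDs before the uid change (once the uid is switched the process may no longer be able to change them), or state in the comment that only the uid is switched. Two smaller points in the same block: `int uid = getuid();` and `int euid = geteuid();` should be declared `uid_t`, the type those calls return, and after a successful `setreuid` it is worth checking that `getuid()` and `geteuid()` both equal the target and calling `DIE` otherwise, so a partial switch is never mistaken for a complete one.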