From: Martin Mares
Date: Wed, 9 Jul 2014 10:19:58 +0000 (+0200)
Subject: Isolate: Create meta files with permissions of the user invoking isolate
X-Git-Url: http://mj.ucw.cz/gitweb/?a=commitdiff_plain;h=f6134bd20c3bd99e67d65d421c1b6c695ce3c89a;p=moe.git
Isolate: Create meta files with permissions of the user invoking isolate
Otherwise, it can be misused for privilege escalation attacks. The problem has been noted by Ronald Chan, but my fix differs from his.
---
diff --git a/isolate/isolate.c b/isolate/isolate.c
index 2164c90..4fc6d05 100644
--- a/isolate/isolate.c
+++ b/isolate/isolate.c
@@ -32,6 +32,7 @@
 #include
 #include
 #include
+#include
 #define NONRET __attribute__((noreturn))
 #define UNUSED __attribute__((unused))
@@ -94,7 +95,11 @@ meta_open(const char *name)
 metafile = stdout;
 return;
 }
+ if (setfsuid(getuid()) < 0)
+ die("Failed to switch FS UID: %m");
 metafile = fopen(name, "w");
+ if (setfsuid(geteuid()) < 0)
+ die("Failed to switch FS UID back: %m");
 if (!metafile)
 die("Failed to open metafile '%s'",name);
 }
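Review bot: The two `setfsuid(...) < 0` checks added in meta_open cannot detect a failed switch, because on Linux setfsuid() returns the previous filesystem UID on both success and failure and reports no error, so the `die()` branches are effectively dead and `%m` would print a stale errno. If the first switch silently fails, `fopen(name, "w")` still runs with the privileged FS UID, which is the case this commit is meant to close. The documented way to confirm the change is a second call that cannot succeed, e.g. `setfsuid(getuid()); if ((uid_t) setfsuid(-1) != getuid()) die("Failed to switch FS UID");`, and the same pattern with `geteuid()` for the switch back. Only the UID is switched here; if the binary can also run with an elevated effective GID (not visible in this hunk), `setfsgid()` would need the same treatment. The start of meta_open is outside the hunk.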