From f6134bd20c3bd99e67d65d421c1b6c695ce3c89a Mon Sep 17 00:00:00 2001
From: Martin Mares
Date: Wed, 9 Jul 2014 12:19:58 +0200
Subject: [PATCH] Isolate: Create meta files with permissions of the user invoking isolate

Otherwise, it can be misused for privilege escalation attacks. The problem has been noted by Ronald Chan, but my fix differs from his.
---
 isolate/isolate.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/isolate/isolate.c b/isolate/isolate.c
index 2164c90..4fc6d05 100644
--- a/isolate/isolate.c
+++ b/isolate/isolate.c
@@ -32,6 +32,7 @@
 #include
 #include
 #include
+#include
 
 #define NONRET __attribute__((noreturn))
 #define UNUSED __attribute__((unused))
@@ -94,7 +95,11 @@ meta_open(const char *name)
       metafile = stdout;
       return;
     }
+  if (setfsuid(getuid()) < 0)
+    die("Failed to switch FS UID: %m");
   metafile = fopen(name, "w");
+  if (setfsuid(geteuid()) < 0)
+    die("Failed to switch FS UID back: %m");
   if (!metafile)
     die("Failed to open metafile '%s'",name);
 }
-- 
2.39.2
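Review bot: The `< 0` checks on both added setfsuid() calls in meta_open() can never fire, because on Linux setfsuid() returns the previous fsuid on success and on failure alike and never -1, so a switch that did not take effect would leave fopen() running with the privileged fsuid while the die() guard stays silent. The documented way to verify the switch is to read the fsuid back with a second call and compare it, e.g. `setfsuid(getuid());` followed by `if ((uid_t) setfsuid(getuid()) != getuid()) die("Failed to switch FS UID: %m");`, and symmetrically against geteuid() for the switch back. The `#include` added in the first hunk has lost its header name on this page; setfsuid() is declared in `<sys/fsuid.h>`, so that is presumably what was added. Only the uid is switched here; if isolate is installed setgid as well as setuid, the group ownership of the created file would need the matching setfsgid(getgid()) treatment, which I cannot confirm from this diff. meta_open() begins before the hunk, so its opening and the `name == "-"`/stdout branch condition are not visible here.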