Use setresuid/setresgid to revoke suid/sgid bit instead of seteuid/setegid in cgexec.
Signed-off-by: Jan Safranek <[email protected]> Acked-by: Dhaval Giani <[email protected]> --- src/tools/cgexec.c | 8 ++++++-- 1 files changed, 6 insertions(+), 2 deletions(-) diff --git a/src/tools/cgexec.c b/src/tools/cgexec.c index 7552fd9..8e0b4d8 100644 --- a/src/tools/cgexec.c +++ b/src/tools/cgexec.c @@ -13,6 +13,10 @@ * */ +#ifndef _GNU_SOURCE +#define _GNU_SOURCE +#endif + #include <errno.h> #include <grp.h> #include <libcgroup.h> @@ -113,11 +117,11 @@ int main(int argc, char *argv[]) * socket, and an euid/egid should be changed to the executing user * from a root user. */ - if (seteuid(uid)) { + if (setresuid(uid, uid, uid)) { fprintf(stderr, "%s", strerror(errno)); return -1; } - if (setegid(gid)) { + if (setresgid(gid, gid, gid)) { fprintf(stderr, "%s", strerror(errno)); return -1; } ------------------------------------------------------------------------------ Beautiful is writing same markup. Internet Explorer 9 supports standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. Spend less time writing and rewriting code and more time creating great experiences on the web. Be a part of the beta today http://p.sf.net/sfu/msIE9-sfdev2dev _______________________________________________ Libcg-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/libcg-devel
