Am 10.10.2012 18:17, schrieb Paolo Bonzini:
Il 10/10/2012 18:14, Stefan Weil ha scritto:
diff --git a/fsdev/virtfs-proxy-helper.c b/fsdev/virtfs-proxy-helper.c
index f9a8270..b34a84a 100644
--- a/fsdev/virtfs-proxy-helper.c
+++ b/fsdev/virtfs-proxy-helper.c
@@ -290,8 +290,12 @@ static int setfsugid(int uid, int gid)
CAP_DAC_OVERRIDE,
};
- setfsgid(gid);
- setfsuid(uid);
+ if (setfsgid(gid) != 0) {
+ return -1;
+ }
Wouldn't setfsgid(gid) == gid be also ok?
Of course, it should be < 0. I have no idea how to test this thing...
Paolo
< 0 would be wrong because it looks like both functions never
return negative values. I just wrote a small test program (see
below) and called it with different uids with and without root
rights. This pattern should be fine:
new_uid = setfsuid(uid);
if (new_uid != 0 && new_uid != uid) {
return -1;
}
Stefan
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h> /* glibc uses <sys/fsuid.h> */
#include <sys/fsuid.h>
int main(int argc, char *argv[])
{
uid_t fsuid = strtoul(argv[1], 0, 0);
int r = setfsuid(fsuid);
printf("setfsuid(%u) returned %u\n", fsuid, r);
return 0;
}
