launch: counter effect of set-gid

Change-Id: I9430737c7d86cf6f7a14463f918af36314e41ec9
Signed-off-by: José Bollo <jose.bollo@iot.bzh>

diff --git a/src/afm-launch.c b/src/afm-launch.c
index a66004b..f2a5065 100644 (file)
--- a/src/afm-launch.c
+++ b/src/afm-launch.c
@@ -104,6 +104,8 @@ struct launchparam {
        const char **slave_args;
 };
 
+static gid_t groupid = 0;
+
 static char **instantiate_arguments(const char **args, struct afm_launch_desc *desc, struct launchparam *params)
 {
        const char **iter, *p, *v;
@@ -210,6 +212,10 @@ static int launchexec1(struct afm_launch_desc *desc, pid_t children[2], struct l
        }
 
        /********* in the master child ************/
+
+       /* avoid set-gid effect */
+       setresgid(groupid, groupid, groupid);
+
        /* enter the process group */
        rc = setpgid(0, 0);
        if (rc) {
@@ -308,6 +314,9 @@ static int launchexec2(struct afm_launch_desc *desc, pid_t children[2], struct l
        close(mpipe[0]);
        close(spipe[1]);
 
+       /* avoid set-gid effect */
+       setresgid(groupid, groupid, groupid);
+
        /* enter the process group */
        rc = setpgid(0, 0);
        if (rc) {
@@ -380,6 +389,18 @@ static int launchexec2(struct afm_launch_desc *desc, pid_t children[2], struct l
        _exit(1);
 }
 
+static void afm_launch_init_group()
+{
+       if (!groupid) {
+               gid_t r, e, s;
+               getresgid(&r, &e, &s);
+               if (s && s != e)
+                       groupid = s;
+               else
+                       groupid = -1;
+       }
+}
+
 int afm_launch(struct afm_launch_desc *desc, pid_t children[2])
 {
        char datadir[PATH_MAX];
@@ -387,6 +408,9 @@ int afm_launch(struct afm_launch_desc *desc, pid_t children[2])
        char secret[9];
        struct launchparam params;
 
+       /* static init */
+       afm_launch_init_group();
+
        /* what launcher ? */
        ikl = 0;
        if (desc->type != NULL && *desc->type) {

diff --git a/src/afm-launch.h b/src/afm-launch.h
index c6aaf49..8990901 100644 (file)
--- a/src/afm-launch.h
+++ b/src/afm-launch.h
@@ -30,4 +30,3 @@ struct afm_launch_desc {
 };
 
 int afm_launch(struct afm_launch_desc *desc, pid_t children[2]);
-