X-Git-Url: https://git.gag.com/?a=blobdiff_plain;f=common-src%2Fpipespawn.c;h=9e4e90cc1915643d0797e38b10ae3eb81fc70fa2;hb=c0dcac5cea561cfb1faa01a0c0738a8768c22efd;hp=28f342bdc18f5a6e7564bde5a9a1f016c11018fc;hpb=afaa71b3866b46b082b6c895772e15b36d8865fe;p=debian%2Famanda
diff --git a/common-src/pipespawn.c b/common-src/pipespawn.c
index 28f342b..9e4e90c 100644
--- a/common-src/pipespawn.c
+++ b/common-src/pipespawn.c
@@ -101,7 +101,6 @@ pipespawnv_passwd(
 passwdvar = *my_argv++;
 passwdfd = (int *)*my_argv++;
 }
- g_debug("pipespawnv: stdoutfd is %d", *stdoutfd);
 memset(inpipe, -1, SIZEOF(inpipe));
 memset(outpipe, -1, SIZEOF(outpipe));
 memset(errpipe, -1, SIZEOF(errpipe));
@@ -175,6 +174,7 @@ pipespawnv_passwd(
 }
 break;
 case 0: /* child process */
+ debug_dup_stderr_to_debug();
 if ((pipedef & STDIN_PIPE) != 0) {
 aclose(inpipe[1]); /* close output side of pipe */
 } else {
@@ -198,15 +198,18 @@ pipespawnv_passwd(
 * Shift the pipes to the standard file descriptors as requested.
 */
 if(dup2(inpipe[0], 0) == -1) {
- error(_("error [spawn %s: dup2 in: %s]"), prog, strerror(errno));
+ g_fprintf(stderr, "error [spawn %s: dup2 in: %s]", prog, strerror(errno));
+ exit(1);
 /*NOTREACHED*/
 }
 if(dup2(outpipe[1], 1) == -1) {
- error(_("error [spawn %s: dup2 out: %s]"), prog, strerror(errno));
+ g_fprintf(stderr, "error [spawn %s: dup2 out: %s]", prog, strerror(errno));
+ exit(1);
 /*NOTREACHED*/
 }
 if(dup2(errpipe[1], 2) == -1) {
- error(_("error [spawn %s: dup2 err: %s]"), prog, strerror(errno));
+ g_fprintf(stderr, "error [spawn %s: dup2 err: %s]", prog, strerror(errno));
+ exit(1);
 /*NOTREACHED*/
 }
 
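Review bot: The new `debug_dup_stderr_to_debug();` call at the top of the `case 0:` child branch (hunk `-175,6 +174,7`) has no comment saying why the child's stderr is redirected before the pipes are set up. Judging by its name it points fd 2 at the debug log, which is where the `g_fprintf(stderr, …)` messages added to the dup2 checks further down would then land; its definition is not in this diff, so that should be confirmed. I would add `/* send the child's stderr to the debug log until errpipe is dup2'd onto fd 2 */` above the call. The child branch continues outside the hunk.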
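Review bot: The three replacement messages in the dup2 checks (hunk `-198,15 +198,18`) end without a newline, so each will run into whatever is written next to the same stream, and the `_()` translation wrapper was dropped in the move away from `error()`. Since this code runs in the forked child, `_exit(1)` is also the safer way out, because `exit(1)` runs atexit handlers registered by the parent and flushes stdio buffers copied across the fork. For the first check that would be `g_fprintf(stderr, _("error [spawn %s: dup2 in: %s]\n"), prog, strerror(errno));` followed by `_exit(1);`, and likewise for the `out` and `err` checks.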
@@ -231,8 +234,16 @@ pipespawnv_passwd(
 safe_fd(-1, 0);
 }
 
- if (need_root)
+ if (need_root) {
 become_root();
+ } else {
+ /* if our real userid is zero, the child shouldn't inherit
+ * that, so drop privs permanently */
+ if (getuid() == 0 && !set_root_privs(-1)) {
+ error(_("could not drop root privileges"));
+ }
+ }
+
 execve(prog, my_argv, env);
 e = strerror(errno);
 error(_("error [exec %s: %s]"), prog, e);
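Review bot: The permanent drop in the new `else` branch is gated on `getuid() == 0` alone, so a process whose real uid is non-root but whose effective or saved uid is still 0 would reach `execve()` without passing through `set_root_privs(-1)`. Whether that state can occur here depends on `set_root_privs()` and the callers, none of which are in this diff, so the invariant deserves a comment next to the check, e.g. `/* euid is only 0 here when ruid is 0; setuid-root callers have already dropped euid */`, if that is indeed the case. The failure message also omits `prog`, unlike the exec error just below; `error(_("error [spawn %s: could not drop root privileges]"), prog);` would make the log line attributable. The enclosing child branch of `pipespawnv_passwd` starts outside the hunk.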