Imported Upstream version 3.1.0

[debian/amanda] / common-src / pipespawn.c

diff --git a/common-src/pipespawn.c b/common-src/pipespawn.c
index f24beff3ee8e5befd0a85f6471f0b3913d6e884d..9e4e90cc1915643d0797e38b10ae3eb81fc70fa2 100644 (file)
--- a/common-src/pipespawn.c
+++ b/common-src/pipespawn.c
@@ -101,7 +101,6 @@ pipespawnv_passwd(
        passwdvar = *my_argv++;
        passwdfd  = (int *)*my_argv++;
     }
-    g_debug("pipespawnv: stdoutfd is %d", *stdoutfd);
     memset(inpipe, -1, SIZEOF(inpipe));
     memset(outpipe, -1, SIZEOF(outpipe));
     memset(errpipe, -1, SIZEOF(errpipe));
@@ -235,8 +234,16 @@ pipespawnv_passwd(
            safe_fd(-1, 0);
        }
 
-       if (need_root)
+       if (need_root) {
            become_root();
+       } else {
+           /* if our real userid is zero, the child shouldn't inherit
+            * that, so drop privs permanently */
+           if (getuid() == 0 && !set_root_privs(-1)) {
+               error(_("could not drop root privileges"));
+           }
+       }
+
        execve(prog, my_argv, env);
        e = strerror(errno);
        error(_("error [exec %s: %s]"), prog, e);