stop-impersonation-before-forking [plain text]
Index: samba/source/lib/smbrun.c
===================================================================
--- samba/source/lib/smbrun.c.orig
+++ samba/source/lib/smbrun.c
@@ -82,15 +82,23 @@ static int smbrun_internal(const char *c
*/
CatchChildLeaveStatus();
-
+
+ /* If we were impersonating with pthread_setugid_np, the assumed
+ * credential becomes the real credential in the child. Ironically,
+ * we need to fork as root to make sure that we can drop privileges.
+ */
+ become_root();
+
if ((pid=sys_fork()) < 0) {
+ int errsav = errno;
DEBUG(0,("smbrun: fork failed with error %s\n", strerror(errno) ));
CatchChild();
if (outfd) {
close(*outfd);
*outfd = -1;
}
- return errno;
+ unbecome_root();
+ return errsav;
}
if (pid) {
@@ -100,6 +108,7 @@ static int smbrun_internal(const char *c
int status=0;
pid_t wpid;
+ unbecome_root();
/* the parent just waits for the child to exit */
while((wpid = sys_waitpid(pid,&status,0)) < 0) {