From: R. Steve McKown Date: Mon, 1 Oct 2012 17:42:13 +0000 (-0600) Subject: Properly force group id as done with user id X-Git-Tag: 0.6 X-Git-Url: https://oss.titaniummirror.com/gitweb?p=repo_shell.git;a=commitdiff_plain;h=9c21356b4de36e2db5ede03b1ee5edfc587e0b85 Properly force group id as done with user id Note that group id must be set first, when we still have effective root permissions thanks to u+s on repo_shell.
---
diff --git a/repo_shell.c b/repo_shell.c
index e4918b3..07e5cf7 100644
--- a/repo_shell.c
+++ b/repo_shell.c
@@ -38,9 +38,17 @@ static void change_user(char *user)
 if (!pw) die("invalid user %s", user);
+ setgid(pw->pw_gid);
 setuid(pw->pw_uid);
 }
+/* Set the user and group permissions back to the requesting user */
+static void reset_user()
+{
+ setgid(getgid());
+ setuid(getuid());
+}
+
 static char *dequote(char *arg)
 {
 char* narg = NULL;
@@ -209,7 +217,7 @@ int main(int argc, char **argv)
 fprintf(stderr, "\n");
 die("only repository access is allowed");
 }
- setuid(getuid());
+ reset_user();
 argv[0] = SHELL;
 execvp(argv[0], (char *const *) argv);
 return 1;
@@ -270,7 +278,7 @@ int main(int argc, char **argv)
 if (!cfg.allow_interactive) die("only repository access is allowed");
- setuid(getuid());
+ reset_user();
 cd_to_homedir();
 argv[0] = SHELL;
 execvp(argv[0], (char *const *) argv);
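Review bot: The new `setgid()`/`setuid()` calls in `change_user()` and `reset_user()` ignore their return values, so a failed privilege change goes unnoticed and the `execvp(argv[0], ...)` call sites in `main()` (the two later hunks) would start the shell with whatever ids were still in effect. Check both calls and abort on failure, e.g. `if (setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0) die("cannot switch to user %s", user);`, with the same pattern using `getgid()`/`getuid()` in `reset_user()`. `change_user()` also leaves the caller's supplementary groups untouched; if the target account is not meant to inherit them, `initgroups(pw->pw_name, pw->pw_gid)` would have to run before `setgid()` while the process is still effectively root. The ordering rule from the commit message deserves a comment at both places, such as `/* gid first: after setuid() we can no longer change groups */`. `change_user()` begins above this hunk, so the lookup that fills `pw` is not visible here.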