summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorDenys Vlasenko <vda.linux@googlemail.com>2017-07-10 09:17:43 +0200
committerDenys Vlasenko <vda.linux@googlemail.com>2017-07-10 09:17:43 +0200
commit12a4f9afe702b89c616610d3a29bf08257c6bace (patch)
treebad36f9bd86ae61bf188186eab53c636b179dd67
parent9de9c871bf44b931c7a1bb66d3134e2deb811f88 (diff)
libbb: do not die if setgid/setuid(real_id) on startup fails
Based on a patch from Steven McDonald <steven@steven-mcdonald.id.au>: This makes 'unshare --user' work correctly in the case where the user's shell is provided by busybox itself. 'unshare --user' creates a new user namespace without any uid mappings. As a result, /bin/busybox is setuid nobody:nogroup within the namespace, as that is the only user. However, since no uids are mapped, attempting to call setgid/setuid fails, even though this would do nothing: $ unshare --user ./busybox.broken ash ash: setgid: Invalid argument 'unshare --map-root-user' still works, but because Linux only allows uid/gid mappings to be set up once, creating a root mapping makes such a namespace useless for creating multi-user containers. With this patch, setgid and setuid will not be called in the case where they would do nothing, which is always the case inside a new user namespace because all uids are effectively mapped to nobody: $ id -u 1000 $ ls -lh busybox.fixed -rwsr-xr-x 1 root root 826.2K May 21 00:33 busybox.fixed $ unshare --user ./busybox.fixed ash $ id -u 65534 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-rw-r--r--libbb/appletlib.c17
1 files changed, 15 insertions, 2 deletions
diff --git a/libbb/appletlib.c b/libbb/appletlib.c
index df6584978..b9fbbd1f2 100644
--- a/libbb/appletlib.c
+++ b/libbb/appletlib.c
@@ -681,8 +681,21 @@ static void check_suid(int applet_no)
if (geteuid())
bb_error_msg_and_die("must be suid to work properly");
} else if (APPLET_SUID(applet_no) == BB_SUID_DROP) {
- xsetgid(rgid); /* drop all privileges */
- xsetuid(ruid);
+ /*
+ * Drop all privileges.
+ *
+ * Don't check for errors: in normal use, they are impossible,
+ * and in special cases, exiting is harmful. Example:
+ * 'unshare --user' when user's shell is also from busybox.
+ *
+ * 'unshare --user' creates a new user namespace without any
+ * uid mappings. Thus, busybox binary is setuid nobody:nogroup
+ * within the namespace, as that is the only user. However,
+ * since no uids are mapped, calls to setgid/setuid
+ * fail (even though they would do nothing).
+ */
+ setgid(rgid);
+ setuid(ruid);
}
# if ENABLE_FEATURE_SUID_CONFIG
ret: ;