setuid() before calling execv() in vfork()/clone()

I need to unlock exec from the server. Since I have a large memory size for printing on the server, I intend to use vfork()/Linux clone(). I also need to open the pipes for stdin/stdout/stderr. Is this allowed with clone()/vfork()?

0
2 answers

From the standard:

[..] the behavior is undefined if the process created by vfork() either modifies any data other than a variable of type pid_t used to store the return value from vfork(), or returns from the function in which vfork() was called, or calls any other function before successfully calling _exit() or one of the exec family of functions.

The problem with calling functions such as setuid or pipe is that they can affect memory in the address space shared between the parent and child processes. If you need to do something before exec, the best way is to write a small shim process that does everything you need and then execs the subsequent child process (maybe with the arguments provided through argv).

shim.c
======

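#include <unistd.h>

enum {
    /* initial arguments */
    ARGV_FILE = 5, ARGV_ARGS
};

int main(int argc, char *argv[]) {
    /* argv[ARGV_FILE] must exist before it is handed to execvp() */
    if (argc <= ARGV_FILE)
        return 127;
    /* consume instructions from argv */
    /* setuid, pipe() etc. */
    /* execvp() only returns (with -1) if the exec failed */
    return execvp(argv[ARGV_FILE], argv + ARGV_ARGS);
}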
+1

clone(), CLONE_VFORK|CLONE_VM; . man 2 clone.

CLONE_FILES , , .

, , setresgid() setresuid() (, setgroups() initgroups(), - . man 2 setresuid, man 2 setgroups man 3 initgroups) .

CLONE_VFORK|CLONE_VM , clone() vfork(), , , execve().

- , Linux.

0
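A filled-in version of the shim idea from the first answer, doing the privilege drop in the shim's own address space before exec (added example, not code from either answer). The argv layout and the helper names parse_id and drop_privs are assumptions, and it uses POSIX setgid()/setuid() together with setgroups() rather than the setresgid()/setresuid() calls the second answer names.

```c
/* shim_drop.c (added example): shim_drop UID GID FILE ARGV0 [ARGS...] */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE              /* makes glibc declare setgroups() */
#endif
#include <errno.h>
#include <grp.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Strict decimal parse: atoi() would turn garbage into 0, which is root.
 * UINT_MAX is rejected because (uid_t)-1 is reserved as "no change". */
int parse_id(const char *s, unsigned long *out) {
    char *end;
    if (s == NULL || *s < '0' || *s > '9') return -1;   /* no sign, no blanks */
    errno = 0;
    unsigned long v = strtoul(s, &end, 10);
    if (errno != 0 || *end != '\0' || v >= UINT_MAX) return -1;
    *out = v;
    return 0;
}

/* Groups first, then gid, then uid: each earlier step needs the privilege
 * that the last step gives up. Must be started as root. */
int drop_privs(uid_t uid, gid_t gid) {
    if (setgroups(0, NULL) != 0) return -1;  /* clear supplementary groups */
    if (setgid(gid) != 0) return -1;         /* privileged: real, effective, saved */
    if (setuid(uid) != 0) return -1;
    if (uid != 0 && setuid(0) == 0) return -1;            /* must not be reversible */
    if (getuid() != uid || geteuid() != uid) return -1;
    if (getgid() != gid || getegid() != gid) return -1;
    return 0;
}

int main(int argc, char *argv[]) {
    unsigned long uid, gid;
    if (argc < 5 || parse_id(argv[1], &uid) != 0 || parse_id(argv[2], &gid) != 0) {
        fprintf(stderr, "usage: %s uid gid file argv0 [args...]\n", argv[0]);
        return 2;
    }
    if (drop_privs((uid_t)uid, (gid_t)gid) != 0) {
        perror("drop_privs");
        return 126;                          /* never exec with privileges intact */
    }
    execvp(argv[3], argv + 4);
    perror("execvp");                        /* reached only if exec failed */
    return 127;
}
```

The parent then only has to vfork() and exec this shim, which keeps the vfork() child within the rules quoted in the first answer.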

Source: https://habr.com/ru/post/1740659/

