blob: 4b37fc5070e3f0b8de320c40039a15fae770de00 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
diff --git a/daemon/gvfsbackendadmin.c b/daemon/gvfsbackendadmin.c
index d67353d..daa6df9 100644
--- a/daemon/gvfsbackendadmin.c
+++ b/daemon/gvfsbackendadmin.c
@@ -907,7 +907,8 @@ g_vfs_backend_admin_init (GVfsBackendAdmin *self)
#define REQUIRED_CAPS (CAP_TO_MASK(CAP_FOWNER) | \
CAP_TO_MASK(CAP_DAC_OVERRIDE) | \
- CAP_TO_MASK(CAP_DAC_READ_SEARCH))
+ CAP_TO_MASK(CAP_DAC_READ_SEARCH) | \
+ CAP_TO_MASK(CAP_CHOWN))
static void
acquire_caps (uid_t uid)
@@ -919,10 +920,15 @@ acquire_caps (uid_t uid)
if (prctl (PR_SET_KEEPCAPS, 1, 0, 0, 0) < 0)
g_error ("prctl(PR_SET_KEEPCAPS) failed");
- /* Drop root uid, but retain the required permitted caps */
- if (setuid (uid) < 0)
+ /* Set euid to user to make dbus work */
+ if (seteuid (uid) < 0)
g_error ("unable to drop privs");
+ /* Set fsuid to still behave like root when working with files */
+ setfsuid (0);
+ if (setfsuid (-1) != 0)
+ g_error ("setfsuid failed");
+
memset (&hdr, 0, sizeof(hdr));
hdr.version = _LINUX_CAPABILITY_VERSION;
|
