madmaurice/pidjail: A small utility program that sets up a new pid namespace and starts a process within that. Needs root via suid bit but later drops root priviliges to calling user.

A small utility program that sets up a new pid namespace and starts a process within that. Needs root via suid bit but later drops root priviliges to calling user.

Find a file

MadMaurice 650a576c56 Make dropped root privileges permanent seteuid sets the effective uid but at the same time retains the old effective uid as a so called saved uid, which allows the process to go back to root at a later point in time. As we don't want that, we use the function setresuid and setresgid instead, allowing to set the real, effective and saved uid/gid. We keep the real uid/gid unchanged, but set the effective and saved uid/gid to the value of the real uid. This forbids us to not regain root priviliges.	2021-01-15 20:22:22 +01:00
.gitignore	Initial version	2021-01-06 04:42:04 +01:00
main.c	Make dropped root privileges permanent	2021-01-15 20:22:22 +01:00
Makefile	Add install target to Makefile	2021-01-07 21:13:59 +01:00

MadMaurice 650a576c56 Make dropped root privileges permanent

seteuid sets the effective uid but at the same time retains the old
effective uid as a so called saved uid, which allows the process to go
back to root at a later point in time. As we don't want that, we use
the function setresuid and setresgid instead, allowing to set the
real, effective and saved uid/gid. We keep the real uid/gid unchanged,
but set the effective and saved uid/gid to the value of the real uid.
This forbids us to not regain root priviliges.

2021-01-15 20:22:22 +01:00

.gitignore

Initial version

2021-01-06 04:42:04 +01:00

main.c

Make dropped root privileges permanent

2021-01-15 20:22:22 +01:00

Makefile

Add install target to Makefile

2021-01-07 21:13:59 +01:00