author | Ted Gould <ted@gould.cx> | 2012-08-20 14:44:42 -0500 |
---|---|---|
committer | Ted Gould <ted@gould.cx> | 2012-08-20 14:44:42 -0500 |
commit | c5889e2f6801c8454ce20d844f7e3f5b6c9543cb (patch) | |
tree | 80b696b8887e9086a8e140e7717b9806e24ea587 | |
parent | 200ccab9283410f1ddf65cce7d0f1b77dc5dcbcf (diff) | |
Make sure we're running as the guest user before we execute the freerdp utility
-rw-r--r-- | src/pam-freerdp.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/src/pam-freerdp.c b/src/pam-freerdp.c
index 7bd2657..189c82f 100644
--- a/src/pam-freerdp.c
+++ b/src/pam-freerdp.c
@@ -122,12 +122,16 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags, int argc, const char **argv)
 struct passwd * pwdent = getpwnam(username);
 if (pwdent == NULL) {
- _exit(-1);
+ _exit(EXIT_FAILURE);
+ }
+
+ if (setgid(pwdent->pw_gid) < 0 || setuid(pwdent->pw_uid) < 0 ||
+ setegid(pwdent->pw_gid) < 0 || seteuid(pwdent->pw_uid) < 0) {
+ _exit(EXIT_FAILURE);
 }
 setenv("HOME", pwdent->pw_dir, 1);
- /* TODO: Drop privs */
 execvp(args[0], args);
 _exit(EXIT_FAILURE);
 break; |
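Review bot: The privilege drop added before `execvp` never resets the supplementary group list: `setgid`/`setuid` change only the primary gid and the uids, so the freerdp child keeps whatever supplementary groups the process hosting this PAM module had (presumably root's, given that a drop is needed at all). Clear them while still privileged by making `initgroups(username, pwdent->pw_gid) < 0 ||` the first operand of the new condition, ahead of `setgid`; it needs `<grp.h>`, and the include block is outside the hunk. The `setegid`/`seteuid` calls are redundant once `setuid` has succeeded from root, and a comment such as `/* order matters: groups, then gid, then uid; after setuid the groups can no longer be changed */` would keep a later edit from reordering the calls. `pam_sm_authenticate` starts and ends outside the hunk.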