madmaurice/pidjail: A small utility program that sets up a new pid namespace and starts a process within that. Needs root via suid bit but later drops root priviliges to calling user.

A small utility program that sets up a new pid namespace and starts a process within that. Needs root via suid bit but later drops root priviliges to calling user.

Go to file

madmaurice 650a576c56 Make dropped root privileges permanent seteuid sets the effective uid but at the same time retains the old effective uid as a so called saved uid, which allows the process to go back to root at a later point in time. As we don't want that, we use the function setresuid and setresgid instead, allowing to set the real, effective and saved uid/gid. We keep the real uid/gid unchanged, but set the effective and saved uid/gid to the value of the real uid. This forbids us to not regain root priviliges.	2021-01-15 20:22:22 +01:00
.gitignore	Initial version	2021-01-06 04:42:04 +01:00
main.c	Make dropped root privileges permanent	2021-01-15 20:22:22 +01:00
Makefile	Add install target to Makefile	2021-01-07 21:13:59 +01:00

madmaurice 650a576c56 Make dropped root privileges permanent

seteuid sets the effective uid but at the same time retains the old
effective uid as a so called saved uid, which allows the process to go
back to root at a later point in time. As we don't want that, we use
the function setresuid and setresgid instead, allowing to set the
real, effective and saved uid/gid. We keep the real uid/gid unchanged,
but set the effective and saved uid/gid to the value of the real uid.
This forbids us to not regain root priviliges.

2021-01-15 20:22:22 +01:00

.gitignore

Initial version

2021-01-06 04:42:04 +01:00

main.c

Make dropped root privileges permanent

2021-01-15 20:22:22 +01:00

Makefile

Add install target to Makefile

2021-01-07 21:13:59 +01:00