summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/core/execute.c18
1 files changed, 13 insertions, 5 deletions
diff --git a/src/core/execute.c b/src/core/execute.c
index 953cfa2baa..4d4091940f 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -703,6 +703,7 @@ static int null_conv(
static int setup_pam(
const char *name,
const char *user,
+ uid_t uid,
const char *tty,
char ***pam_env,
int fds[], unsigned n_fds) {
@@ -781,10 +782,17 @@ static int setup_pam(
open here that have been opened by PAM. */
close_many(fds, n_fds);
- /* Wait until our parent died. This will most likely
- * not work since the kernel does not allow
- * unprivileged parents kill their privileged children
- * this way. We rely on the control groups kill logic
+ /* Drop privileges - we don't need any to pam_close_session
+ * and this will make PR_SET_PDEATHSIG work in most cases.
+ * If this fails, ignore the error - but expect sd-pam threads
+ * to fail to exit normally */
+ if (setresuid(uid, uid, uid) < 0)
+ log_error("Error: Failed to setresuid() in sd-pam: %s", strerror(-r));
+
+ /* Wait until our parent died. This will only work if
+ * the above setresuid() succeeds, otherwise the kernel
+ * will not allow unprivileged parents kill their privileged
+ * children this way. We rely on the control groups kill logic
* to do the rest for us. */
if (prctl(PR_SET_PDEATHSIG, SIGTERM) < 0)
goto child_finish;
@@ -1294,7 +1302,7 @@ int exec_spawn(ExecCommand *command,
#ifdef HAVE_PAM
if (context->pam_name && username) {
- err = setup_pam(context->pam_name, username, context->tty_path, &pam_env, fds, n_fds);
+ err = setup_pam(context->pam_name, username, uid, context->tty_path, &pam_env, fds, n_fds);
if (err < 0) {
r = EXIT_PAM;
goto fail_child;