diff options
| author | Dmitry Vyukov <dvyukov@google.com> | 2016-11-22 15:48:46 +0100 |
|---|---|---|
| committer | Dmitry Vyukov <dvyukov@google.com> | 2016-11-22 15:51:00 +0100 |
| commit | ab3f4a073671a0f36b23988e0ece7adbe476a053 (patch) | |
| tree | b387831f629b1aa68815b24a75e5773393ea7f37 /csource | |
| parent | 7f3778fa10dc9230a87f618af1e82a5a22f8424c (diff) | |
executor: fix sandbox=setuid
Need to chmod(0777) the work dir before we do setuid(nobody).
Otherwise nobody user won't have rights to use the temp dir.
Diffstat (limited to 'csource')
| -rw-r--r-- | csource/common.go | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/csource/common.go b/csource/common.go index 76de0877e..70e84ad1f 100644 --- a/csource/common.go +++ b/csource/common.go @@ -3,7 +3,9 @@ package csource var commonHeader = ` +#ifndef _GNU_SOURCE #define _GNU_SOURCE +#endif #include <dirent.h> #include <errno.h> #include <fcntl.h> @@ -227,6 +229,8 @@ static void setup_main_process() char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) fail("failed to mkdtemp"); + if (chmod(tmpdir, 0777)) + fail("failed to chmod"); if (chdir(tmpdir)) fail("failed to chdir"); } |