[PATCH] setgid first, setuid second

[PATCH] setgid first, setuid second

[Stefan Hajnoczi]

Setting a new effective gid requires privileges.  We must set the gid
while we potentially still have superuser privileges.  Otherwise
setgid(2) fails because we've already changed to an unprivileged uid.

Here is a test case:
[global]
rw=read
directory=tmp
size=512m
buffered=0

[file1]
uid=1000
gid=1000

Without this patch fio will fail when invoked by root.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
---
 fio.c |   12 ++++++++----
 1 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/fio.c b/fio.c
index 8dff813..8cc8fcf 100644
--- a/fio.c
+++ b/fio.c
@@ -1068,14 +1068,18 @@ static void *thread_main(void *data)
 	 */
 	fio_mutex_remove(td->mutex);
 
-	if (td->o.uid != -1U && setuid(td->o.uid)) {
-		td_verror(td, errno, "setuid");
-		goto err;
-	}
+	/*
+	 * A new gid requires privilege, so we need to do this before setting
+	 * the uid.
+	 */
 	if (td->o.gid != -1U && setgid(td->o.gid)) {
 		td_verror(td, errno, "setgid");
 		goto err;
 	}
+	if (td->o.uid != -1U && setuid(td->o.uid)) {
+		td_verror(td, errno, "setuid");
+		goto err;
+	}
 
 	/*
 	 * May alter parameters that init_io_u() will use, so we need to
-- 
1.7.2.3

Re: [PATCH] setgid first, setuid second

[Jens Axboe]

On 2011-01-07 21:58, Stefan Hajnoczi wrote:
> Setting a new effective gid requires privileges.  We must set the gid
> while we potentially still have superuser privileges.  Otherwise
> setgid(2) fails because we've already changed to an unprivileged uid.

Thanks, applied!

-- 
Jens Axboe