From efeb94cdab68ecb81cae8b0bba816a6ee55207c2 Mon Sep 17 00:00:00 2001 From: Julian Blake Kongslie Date: Mon, 29 Oct 2012 22:11:22 -0700 Subject: OK, I'll include a single security check. Can't have uid=0 or gid=0. --- main.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/main.c b/main.c index 7af7c55..8d07953 100644 --- a/main.c +++ b/main.c @@ -43,6 +43,10 @@ int main( int argc, char *argv[] ) { }; assert( grouppw != NULL ); + // literally the only security check + assert( grouppw->gr_gid != 0 ); + assert( userpw->pw_uid != 0 ); + if ( setgroups( 0, NULL ) != 0 ) assert_perror( errno ); -- cgit v1.2.3