mirror of
https://git.savannah.gnu.org/git/make.git
synced 2024-12-24 21:04:00 +00:00
[SV 61621] Don't use POSIX_SPAWN_RESETIDS with posix_spawn()
When make is invoked in a environment where the user namespace is restricted, such as under unshare(1) (on GNU/Linux), it won't be able to find its real UID so the effective UID can't be set to it and posix_spawn() will fail with EINVAL. It's not less safe to run recipe jobs using the same UID values that make was invoked with, so don't worry about this flag. * src/job.c (child_execute_job): Don't set POSIX_SPAWN_RESETIDS flag.
This commit is contained in:
parent
21f7ac8f47
commit
1d20aa7247
1 changed files with 2 additions and 2 deletions
|
@ -2359,8 +2359,8 @@ child_execute_job (struct childbase *child, int good_stdin, char **argv)
|
|||
if ((r = posix_spawn_file_actions_adddup2 (&fa, fderr, FD_STDERR)) != 0)
|
||||
goto cleanup;
|
||||
|
||||
/* Be the user, permanently. */
|
||||
flags |= POSIX_SPAWN_RESETIDS;
|
||||
/* We can't use the POSIX_SPAWN_RESETIDS flag: when make is invoked under
|
||||
restrictive environments like unshare it will fail with EINVAL. */
|
||||
|
||||
/* Apply the spawn flags. */
|
||||
if ((r = posix_spawnattr_setflags (&attr, flags)) != 0)
|
||||
|
|
Loading…
Reference in a new issue