X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=extras%2Fvolume_id%2Fvol_id.c;h=6961969c13f63e466638398d537058136cb21108;hp=6a9d1120e0cf30e44396ef32628f830f1cec85c0;hb=e3440f37f026b1e45d48f27ef1be903542b385f0;hpb=70721db6d7ba0d4f3ac5c17f2cedac056065ad8a

diff --git a/extras/volume_id/vol_id.c b/extras/volume_id/vol_id.c
index 6a9d1120e..6961969c1 100644
--- a/extras/volume_id/vol_id.c
+++ b/extras/volume_id/vol_id.c
@@ -27,11 +27,11 @@
 #include <unistd.h>
 #include <string.h>
 #include <ctype.h>
+#include <grp.h>
 #include <sys/ioctl.h>
 
-#include "../../udev_utils.h"
-#include "../../logging.h"
-#include "volume_id/volume_id.h"
+#include "../../udev.h"
+#include "libvolume_id/volume_id.h"
 
 #define BLKGETSIZE64 _IOR(0x12,114,size_t)
 
@@ -66,7 +66,7 @@ static void set_str(char *to, const char *from, size_t count)
 
 	/* strip trailing whitespace */
 	len = strnlen(from, count);
-	while (isspace(from[len-1]))
+	while (len && isspace(from[len-1]))
 		len--;
 
 	/* strip leading whitespace */
@@ -111,6 +111,8 @@ int main(int argc, char *argv[])
 	int i;
 	uint64_t size;
 	const char *node = NULL;
+	uid_t nobody_uid;
+	gid_t nobody_gid;
 	int rc = 0;
 
 	logging_init("vol_id");
@@ -145,17 +147,31 @@ int main(int argc, char *argv[])
 
 	if (ioctl(vid->fd, BLKGETSIZE64, &size) != 0)
 		size = 0;
+	dbg("BLKGETSIZE64=%llu", size);
+
+	/* drop all privileges */
+	nobody_uid = lookup_user("nobody");
+	nobody_gid = lookup_group("nogroup");
+	if (nobody_uid > 0 && nobody_gid > 0) {
+		if (setgroups(0, NULL) != 0 ||
+		    setgid(nobody_gid) != 0 ||
+		    setuid(nobody_uid) != 0) {
+			rc = 3;
+			goto exit;
+		}
+	}
 
 	if (volume_id_probe_all(vid, 0, size) == 0)
 		goto print;
 
 	if (print != PRINT_EXPORT)
 		fprintf(stderr, "%s: unknown volume type\n", node);
-	rc = 3;
+	rc = 4;
 	goto exit;
 
 print:
 	set_str(name, vid->label, sizeof(vid->label));
+	replace_untrusted_chars(name);
 
 	switch (print) {
 	case PRINT_EXPORT: