add set_uid and set_id, root required

2024-12-28 16:01:41 +00:00 · 2016-01-23 15:05:24 +08:00 · 2016-01-23 15:05:24 +08:00 · 7bc08802b3
commit 7bc08802b3
parent 7cd5d5d41a
2 changed files with 12 additions and 0 deletions
--- a/runner.c
+++ b/runner.c
@ -167,6 +167,13 @@ int run(struct config *config, struct result *result) {
            ERROR(DUP2_FAILED);
        }

+        if (setuid(NOBODY_UID) == -1) {
+            ERROR(SET_UID_FAILED);
+        }
+        if (setgid(NOBODY_GID) == -1) {
+            ERROR(SET_GID_FAILED);
+        }
+
        if (config->use_sandbox) {
            // load seccomp rules
            ctx = seccomp_init(SCMP_ACT_KILL);
--- a/runner.h
+++ b/runner.h
@ -22,6 +22,8 @@
 #define DUP2_FAILED 6
 #define EXCEVE_FAILED 7
 #define LOAD_SECCOMP_FAILED 8
+#define SET_UID_FAILED 9
+#define SET_GID_FAILED 10

 #define CPU_TIME_LIMIT_EXCEEDED 1
 #define REAL_TIME_LIMIT_EXCEEDED 2
@ -31,6 +33,9 @@

 #define ERROR(code) raise(SIGUSR1);return code

+#define NOBODY_UID 65534
+#define NOBODY_GID 65534
+
 struct result {
    int cpu_time;
    long memory;