This is quite the dangerous bug for users that assume they are spawning processes with reduced privileges, but this will not be the case.
ProcessConfig::new is expected to return a config with no privileges, but, if the calling process does not itself have the privilege of creating configs, will simply return -1, indicating that privileges are inherited from the parent instead.
In my opinion ProcessConfig::new should return a Result<ProcessConfig, _>. Most processes would simply expect this, in which case the missing privilege can simply be added, but no security hole is created.
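To illustrate the two shapes being contrasted, here is an added Rust sketch (not the project's real ProcessConfig code): a constructed stand-in for the raw "create config" call returns -1 when the caller lacks the privilege, the sentinel-based constructor silently turns that into "inherit from parent", and the Result-based constructor surfaces it as an error the caller must handle. The names `raw_new_config`, `ProcessConfigBuggy`, `MissingPrivilege` and `effective_privileges` are assumptions for the example.

```rust
// Added illustration, not the project's own code. The raw syscall is replaced
// by a constructed stub so the example runs offline.
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum Privileges { Inherit, None }

/// Constructed stand-in for the raw "create config" call: a config id (>= 0)
/// on success, or -1 when the calling process lacks the privilege.
pub fn raw_new_config(caller_can_create: bool) -> isize {
    if caller_can_create { 7 } else { -1 }
}

/// Sentinel shape: -1 is stored as if it were a config id, and the spawn path
/// reads a negative id as "inherit privileges from the parent".
pub struct ProcessConfigBuggy { id: isize }
impl ProcessConfigBuggy {
    pub fn new(caller_can_create: bool) -> Self {
        Self { id: raw_new_config(caller_can_create) }
    }
    pub fn effective_privileges(&self) -> Privileges {
        if self.id < 0 { Privileges::Inherit } else { Privileges::None }
    }
}

/// Result shape: a missing privilege is a hard error, so a caller that
/// expected a no-privilege config can never spawn with inherited ones.
#[derive(Debug, PartialEq)]
pub struct MissingPrivilege;
pub struct ProcessConfig { _id: isize }
impl ProcessConfig {
    pub fn new(caller_can_create: bool) -> Result<ProcessConfig, MissingPrivilege> {
        match raw_new_config(caller_can_create) {
            id if id >= 0 => Ok(ProcessConfig { _id: id }),
            _ => Err(MissingPrivilege),
        }
    }
    pub fn effective_privileges(&self) -> Privileges { Privileges::None }
}

fn main() {
    let buggy = ProcessConfigBuggy::new(false);
    println!("sentinel shape, unprivileged caller: {:?}", buggy.effective_privileges());
    match ProcessConfig::new(false) {
        Ok(c) => println!("result shape: {:?}", c.effective_privileges()),
        Err(e) => println!("result shape: spawn refused, {:?}", e),
    }
}
```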