[SV 61621] Don't use POSIX_SPAWN_RESETIDS with posix_spawn()

When make is invoked in a environment where the user namespace is restricted, such as under unshare(1) (on GNU/Linux), it won't be able to find its real UID so the effective UID can't be set to it and posix_spawn() will fail with EINVAL. It's not less safe to run recipe jobs using the same UID values that make was invoked with, so don't worry about this flag. * src/job.c (child_execute_job): Don't set POSIX_SPAWN_RESETIDS flag.
author: Paul Smith <psmith@gnu.org> 2021-12-05 14:22:43 -0500
committer: Paul Smith <psmith@gnu.org> 2021-12-19 16:34:10 -0500
commit: 1d20aa7247ece1a08bed7fa4ba5ab6b7c0f332b0 (patch)
tree: f90988667e14b5c248908d57662a8bf5541ae76e /src/job.c
parent: 21f7ac8f473923413c0798ac866ed6c97eca6eaf (diff)
download: make-git-1d20aa7247ece1a08bed7fa4ba5ab6b7c0f332b0.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/src/job.c b/src/job.c
index 54fadf00..9d97fc44 100644
--- a/src/job.c
+++ b/src/job.c
@@ -2359,8 +2359,8 @@ child_execute_job (struct childbase *child, int good_stdin, char **argv)
     if ((r = posix_spawn_file_actions_adddup2 (&fa, fderr, FD_STDERR)) != 0)
       goto cleanup;
 
-  /* Be the user, permanently.  */
-  flags |= POSIX_SPAWN_RESETIDS;
+  /* We can't use the POSIX_SPAWN_RESETIDS flag: when make is invoked under
+     restrictive environments like unshare it will fail with EINVAL.  */
 
   /* Apply the spawn flags.  */
   if ((r = posix_spawnattr_setflags (&attr, flags)) != 0)
author	Paul Smith <psmith@gnu.org>	2021-12-05 14:22:43 -0500
committer	Paul Smith <psmith@gnu.org>	2021-12-19 16:34:10 -0500
commit	1d20aa7247ece1a08bed7fa4ba5ab6b7c0f332b0 (patch)
tree	f90988667e14b5c248908d57662a8bf5541ae76e /src/job.c
parent	21f7ac8f473923413c0798ac866ed6c97eca6eaf (diff)
download	make-git-1d20aa7247ece1a08bed7fa4ba5ab6b7c0f332b0.tar.gz