Don't do vfork in conjunction with setuid

author: Eelco Dolstra <eelco.dolstra@logicblox.com> 2014-12-10T17·01+0100
committer: Eelco Dolstra <eelco.dolstra@logicblox.com> 2014-12-10T17·01+0100
commit: 851b47bd7de35f4464a67c991d55cbcb07230edc (patch)
tree: beab0f6efc1be15bf51b7f493ea47b5b7224de4e /src/libutil/util.cc
parent: 0e8fc118b3d2d3bb6f9b0a918bf8ceb3927774cd (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/src/libutil/util.cc b/src/libutil/util.cc
index bdd114c5e49a..5895e7200e96 100644
--- a/src/libutil/util.cc
+++ b/src/libutil/util.cc
@@ -825,6 +825,9 @@ void killUser(uid_t uid)
        users to which the current process can send signals.  So we
        fork a process, switch to uid, and send a mass kill. */
 
+    ProcessOptions options;
+    options.allowVfork = false;
+
     Pid pid = startProcess([&]() {
 
         if (setuid(uid) == -1)
author	Eelco Dolstra <eelco.dolstra@logicblox.com>	2014-12-10T17·01+0100
committer	Eelco Dolstra <eelco.dolstra@logicblox.com>	2014-12-10T17·01+0100
commit	851b47bd7de35f4464a67c991d55cbcb07230edc (patch)
tree	beab0f6efc1be15bf51b7f493ea47b5b7224de4e /src/libutil/util.cc
parent	0e8fc118b3d2d3bb6f9b0a918bf8ceb3927774cd (diff)