From 851b47bd7de35f4464a67c991d55cbcb07230edc Mon Sep 17 00:00:00 2001
From: Eelco Dolstra <eelco.dolstra@logicblox.com>
Date: Wed, 10 Dec 2014 18:01:01 +0100
Subject: Don't do vfork in conjunction with setuid

---
 src/libutil/util.cc | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'src/libutil/util.cc')

diff --git a/src/libutil/util.cc b/src/libutil/util.cc
index bdd114c5e4..5895e7200e 100644
--- a/src/libutil/util.cc
+++ b/src/libutil/util.cc
@@ -825,6 +825,9 @@ void killUser(uid_t uid)
        users to which the current process can send signals.  So we
        fork a process, switch to uid, and send a mass kill. */
 
+    ProcessOptions options;
+    options.allowVfork = false;
+
     Pid pid = startProcess([&]() {
 
         if (setuid(uid) == -1)
-- 
cgit 1.4.1