From f8629652da5de3ad03c19eab0a91877ad637fbbb Mon Sep 17 00:00:00 2001
From: Juan RP <xtraeme@gmail.com>
Date: Sat, 6 Nov 2010 06:40:19 +0100
Subject: [PATCH] Make xbps_file_*_exec() always chroot if uid==0 and /bin/sh
 (+x, relative) exists.

---
 lib/fexec.c | 40 ++++++++++++++++++++++++----------------
 1 file changed, 24 insertions(+), 16 deletions(-)

diff --git a/lib/fexec.c b/lib/fexec.c
index 8c483e3c..a220f241 100644
--- a/lib/fexec.c
+++ b/lib/fexec.c
@@ -51,27 +51,35 @@ pfcexec(const char *path, const char *file, const char **argv)
 {
 	pid_t			child;
 	int			status;
+	bool			do_chroot = false;
 
 	child = vfork();
 	switch (child) {
 	case 0:
-		if (path != NULL) {
-			/*
-			 * If root and /bin/sh exists chroot to
-			 * destdir and exec the command. Otherwise
-			 * just change CWD to destdir.
-			 */
-			if (getuid() == 0 && access("./bin/sh", X_OK) == 0) {
-				if (chroot(path) == -1)
-					_exit(127);
-				if (chdir("/") == -1)
-					_exit(127);
-			} else {
-				if (chdir(path) == -1)
-					_exit(127);
-			}
+		if (getuid() == 0 && access("./bin/sh", X_OK) == 0)
+			do_chroot = true;
+
+		/*
+		 * If uid==0 and /bin/sh exists, we can change root directory,
+		 * fork and execute the command. Otherwise just change current
+		 * directory and fork/execute.
+		 */
+		if (path && do_chroot) {
+			if (chroot(path) == -1)
+				_exit(127);
+			if (chdir("/") == -1)
+				_exit(127);
+		} else if (path && !do_chroot) {
+			if (chdir(path) == -1)
+				_exit(127);
+		} else if (!path && do_chroot) {
+			if (chroot(".") == -1)
+				_exit(127);
+			if (chdir("/") == -1)
+				_exit(127);
 		}
-		(void)execvp(file, (char ** const)__UNCONST(argv));
+
+		(void)execvp(file, __UNCONST(argv));
 		_exit(127);
 		/* NOTREACHED */
 	case -1: