pupysh: special - drop priviliges if workdir owned by other user

sarvex · Mar 29, 2020 · f5e3d97 · f5e3d97
1 parent a6d9e2c
commit f5e3d97
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/pupy/pupysh.py b/pupy/pupysh.py
@@ -74,6 +74,11 @@
     if args.workdir:
         os.chdir(args.workdir)
 
+        if os.getuid() == 0 and os.getgid() == 0:
+            wdstat = os.stat(args.workdir)
+            os.setresgid(wdstat.st_uid, wdstat.st_uid, wdstat.st_uid)
+            os.setresuid(wdstat.st_uid, wdstat.st_uid, wdstat.st_uid)
+
     root_logger = logging.getLogger()
 
     if args.logfile: