src/runas: Fixes and cleanups
The runas helper runs a command as another user and/or with different group
memberships. Fix the following problems:
* Use setgid instead of setegid and setuid instead of seteuid.
Otherwise, the command will run with the original real UID
and/or GID; those could be made the effective IDs again.
* When only a GID is specified, remove all supplementary
GIDs. Otherwise, the command would remain in the same
supplementary groups as runas -- which often is the root
group.
* Use execvp instead of execv which searches the PATH when
necessary. The runas helper is always called either with a
'/' in the pathname or as "runas ... `which program`", so
we obviously want PATH lookup, anyway.
* There is no advantage in fork'ing and waiting for the child
over directly exec'ing the command; the test cases already
have to deal with commands which can be killed by signals.
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>