Check if the binary is setuid root

probonopd · web-flow · commit b3993e23a729 · 2024-11-24T13:09:38.000+01:00
Otherwise we can get
mount failed: operation not permitted
(e.g., on NixOS when the fusermount3 found on the $PATH is /run/current-system/sw/bin/fusermount3)
diff --git a/src/runtime/runtime.c b/src/runtime/runtime.c
@@ -443,6 +443,20 @@ char* find_fusermount() {
                     char* fusermount_full_path = malloc(strlen(dir) + strlen(entry->d_name) + 2);
                     sprintf(fusermount_full_path, "%s/%s", dir, entry->d_name);
 
+                    // Check if the binary is setuid root
+                    struct stat sb;
+                    if (stat(fusermount_full_path, &sb) == -1) {
+                        perror("stat");
+                        free(fusermount_full_path);
+                        continue;
+                    }
+
+                    if (sb.st_uid != 0 || (sb.st_mode & S_ISUID) == 0) {
+                        // Not setuid root, skip this binary
+                        free(fusermount_full_path);
+                        continue;
+                    }
+
                     pid_t pid = fork();
                     if (pid == -1) {
                         perror("fork");
