Check if the binary is setuid root

Otherwise we can get mount failed: operation not permitted (e.g., on NixOS when the fusermount3 found on the $PATH is /run/current-system/sw/bin/fusermount3)
AppImage · Nov 24, 2024 · b3993e2 · b3993e2
1 parent 932cb73
commit b3993e2
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/src/runtime/runtime.c b/src/runtime/runtime.c
@@ -443,6 +443,20 @@ char* find_fusermount() {
                     char* fusermount_full_path = malloc(strlen(dir) + strlen(entry->d_name) + 2);
                     sprintf(fusermount_full_path, "%s/%s", dir, entry->d_name);
 
+                    // Check if the binary is setuid root
+                    struct stat sb;
+                    if (stat(fusermount_full_path, &sb) == -1) {
+                        perror("stat");
+                        free(fusermount_full_path);
+                        continue;
+                    }
+
+                    if (sb.st_uid != 0 || (sb.st_mode & S_ISUID) == 0) {
+                        // Not setuid root, skip this binary
+                        free(fusermount_full_path);
+                        continue;
+                    }
+
                     pid_t pid = fork();
                     if (pid == -1) {
                         perror("fork");