From 5913893d6f3de65b16e1ad294b88893305efb20f Mon Sep 17 00:00:00 2001
From: Ondrej Dubaj <odubaj@redhat.com>
Date: Thu, 18 Feb 2021 09:59:31 +0100
Subject: [PATCH] * lib/system.h (ERRNO_IS_EACCES): Remove. Not used anymore.
(sys_reset_uid_gid): Re-initialize supplementary groups when switching
privileges. Fix ordering of setgid and setuid calls.
---
lib/system.h | 32 +++++++++++++++++++++++++-------
1 file changed, 25 insertions(+), 7 deletions(-)
diff --git a/lib/system.h b/lib/system.h
index 1c1a5d0..4fd3ce9 100644
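--- a/lib/system.h
+++ b/lib/system.h
@@ -470,19 +470,37 @@ char *getenv ();
 #if MSDOS
 # include <process.h>
 # define SET_BINARY_MODE(arc) setmode(arc, O_BINARY)
-# define ERRNO_IS_EACCES errno == EACCES
 # define mkdir(file, mode) (mkdir) (file)
 # define TTY_NAME "con"
 # define sys_reset_uid_gid()
 #else
 # define SET_BINARY_MODE(arc)
-# define ERRNO_IS_EACCES 0
 # define TTY_NAME "/dev/tty"
-# define sys_reset_uid_gid() \
- do { \
- if (! (setuid (getuid ()) == 0 && setgid (getgid ()) == 0)) \
- abort (); \
- } while (0)
+# include <paxlib.h>
+static inline void
+sys_reset_uid_gid (void)
+{
+ struct passwd *pw;
+ uid_t uid = getuid ();
+ gid_t gid = getgid ();
+
+ if ((pw = getpwuid (uid)) == NULL)
+ {
+ FATAL_ERROR ((0, errno, "%s(%lu)", "getpwuid", (unsigned long)uid));
+ }
+ if (initgroups (pw->pw_name, getgid ()))
+ {
+ FATAL_ERROR ((0, errno, "%s", "initgroups"));
+ }
+ if (gid != getegid () && setgid (gid) && errno != EPERM)
+ {
+ FATAL_ERROR ((0, errno, "%s", "setgid"));
+ }
+ if (uid != geteuid () && setuid (uid) && errno != EPERM)
+ {
+ FATAL_ERROR ((0, errno, "%s", "setuid"));
+ }
+}
 #endif
 
 #if XENIX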
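Review bot: The `setgid` and `setuid` checks in the new `sys_reset_uid_gid` accept a failure with `errno == EPERM` as success, so the function can return with the effective IDs still different from the real ones, whereas the macro it replaces aborted on any failure. Nothing after the two calls confirms that the drop took effect; a final check such as `if (getegid () != gid || geteuid () != uid) FATAL_ERROR ((0, 0, "%s", "sys_reset_uid_gid"));` would close that gap. `initgroups` is also called unconditionally, while the other two calls are skipped when the IDs already match, so a process without the privilege to set groups would presumably stop at `FATAL_ERROR` with EPERM; confirm that callers only reach this function with privileges to drop. A short comment above the function explaining the order would also help, e.g. `/* Reset supplementary groups and gid before uid: after the uid is dropped the process may no longer be allowed to change them. */`.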
--
2.26.0