Browse Source

Merge pull request #109 from hph86/fix-creds

Fix Process Credentials
Fredrik Svantesson 4 years ago
parent
commit
9faa9ae075
No account linked to committer's email
2 changed files with 18 additions and 2 deletions
  1. 1
    1
      src/Makefile.am
  2. 17
    1
      src/light.c

+ 1
- 1
src/Makefile.am View File

@@ -5,5 +5,5 @@ light_CFLAGS   = -W -Wall -Wextra -std=gnu99 -Wno-type-limits -Wno-format-trunca
5 5
 
6 6
 if CLASSIC
7 7
 install-exec-hook:
8
-	chmod 4755 $(DESTDIR)$(bindir)/light
8
+	chmod 6755 $(DESTDIR)$(bindir)/light
9 9
 endif

+ 17
- 1
src/light.c View File

@@ -431,9 +431,25 @@ light_context_t* light_initialize(int argc, char **argv)
431 431
     new_ctx->run_params.value = 0;
432 432
     new_ctx->run_params.raw_mode = false;
433 433
 
434
+    uid_t uid = getuid();
435
+    uid_t euid = geteuid();
436
+    gid_t egid = getegid();
437
+    // If the real user ID is different from the effective user ID (SUID mode)
438
+    // and if we have the effective user ID of root (0)
439
+    // and if the effective group ID is different from root (0),
440
+    // then make sure to set the effective group ID to root (0).
441
+    if((uid != euid) && (euid == 0) && (egid != 0))
442
+    {
443
+        if(setegid(euid) < 0)
444
+        {
445
+            LIGHT_ERR("could not change egid from %u to %u (uid: %u, euid: %u)", egid, euid, uid, euid);
446
+            return false;
447
+        }
448
+    }
449
+
434 450
     // Setup the configuration folder
435 451
     // If we are root, use the system-wide configuration folder, otherwise try to find a user-specific folder, or fall back to ~/.config
436
-    if(geteuid() == 0)
452
+    if(euid == 0)
437 453
     {
438 454
         snprintf(new_ctx->sys_params.conf_dir, sizeof(new_ctx->sys_params.conf_dir), "%s", "/etc/light");
439 455
     }