Bläddra i källkod

Ensure EUID and EGID are equal when running in SUID mode

Hanno Heinrichs 5 år sedan
förälder
incheckning
d00fabc002
1 ändrade filer med 17 tillägg och 1 borttagningar
  1. 17
    1
      src/light.c

+ 17
- 1
src/light.c Visa fil

@@ -431,9 +431,25 @@ light_context_t* light_initialize(int argc, char **argv)
431 431
     new_ctx->run_params.value = 0;
432 432
     new_ctx->run_params.raw_mode = false;
433 433
 
434
+    uid_t uid = getuid();
435
+    uid_t euid = geteuid();
436
+    gid_t egid = getegid();
437
+    // If the real user ID is different from the effective user ID (SUID mode)
438
+    // and if we have the effective user ID of root (0)
439
+    // and if the effective group ID is different from root (0),
440
+    // then make sure to set the effective group ID to root (0).
441
+    if((uid != euid) && (euid == 0) && (egid != 0))
442
+    {
443
+        if(setegid(euid) < 0)
444
+        {
445
+            LIGHT_ERR("could not change egid from %u to %u (uid: %u, euid: %u)", egid, euid, uid, euid);
446
+            return false;
447
+        }
448
+    }
449
+
434 450
     // Setup the configuration folder
435 451
     // If we are root, use the system-wide configuration folder, otherwise try to find a user-specific folder, or fall back to ~/.config
436
-    if(geteuid() == 0)
452
+    if(euid == 0)
437 453
     {
438 454
         snprintf(new_ctx->sys_params.conf_dir, sizeof(new_ctx->sys_params.conf_dir), "%s", "/etc/light");
439 455
     }