Browse Source

Ensure EUID and EGID are equal when running in SUID mode

Hanno Heinrichs 5 years ago
parent
commit
d00fabc002
1 changed files with 17 additions and 1 deletions
  1. 17
    1
      src/light.c

+ 17
- 1
src/light.c View File

431
     new_ctx->run_params.value = 0;
431
     new_ctx->run_params.value = 0;
432
     new_ctx->run_params.raw_mode = false;
432
     new_ctx->run_params.raw_mode = false;
433
 
433
 
434
+    uid_t uid = getuid();
435
+    uid_t euid = geteuid();
436
+    gid_t egid = getegid();
437
+    // If the real user ID is different from the effective user ID (SUID mode)
438
+    // and if we have the effective user ID of root (0)
439
+    // and if the effective group ID is different from root (0),
440
+    // then make sure to set the effective group ID to root (0).
441
+    if((uid != euid) && (euid == 0) && (egid != 0))
442
+    {
443
+        if(setegid(euid) < 0)
444
+        {
445
+            LIGHT_ERR("could not change egid from %u to %u (uid: %u, euid: %u)", egid, euid, uid, euid);
446
+            return false;
447
+        }
448
+    }
449
+
434
     // Setup the configuration folder
450
     // Setup the configuration folder
435
     // If we are root, use the system-wide configuration folder, otherwise try to find a user-specific folder, or fall back to ~/.config
451
     // If we are root, use the system-wide configuration folder, otherwise try to find a user-specific folder, or fall back to ~/.config
436
-    if(geteuid() == 0)
452
+    if(euid == 0)
437
     {
453
     {
438
         snprintf(new_ctx->sys_params.conf_dir, sizeof(new_ctx->sys_params.conf_dir), "%s", "/etc/light");
454
         snprintf(new_ctx->sys_params.conf_dir, sizeof(new_ctx->sys_params.conf_dir), "%s", "/etc/light");
439
     }
455
     }