Browse Source

Use setresuid() and setresgid() where available

debian/1.8.y
Julian Andres Klode 8 years ago
parent
commit
5a3264396f
  1. 16
      apt-pkg/contrib/fileutl.cc
  2. 4
      buildlib/config.h.in
  3. 4
      configure.ac

16
apt-pkg/contrib/fileutl.cc

@ -2252,22 +2252,32 @@ bool DropPrivileges() /*{{{*/
return _error->Error("No user %s, can not drop rights", toUser.c_str());
// Do not change the order here, it might break things
// Get rid of all our supplementary groups first
if (setgroups(1, &pw->pw_gid))
return _error->Errno("setgroups", "Failed to setgroups");
// Now change the group ids to the new user
#ifdef HAVE_SETRESGID
if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) != 0)
return _error->Errno("setresgid", "Failed to set new group ids");
#else
if (setegid(pw->pw_gid) != 0)
return _error->Errno("setegid", "Failed to setegid");
if (setgid(pw->pw_gid) != 0)
return _error->Errno("setgid", "Failed to setgid");
#endif
// Change the user ids to the new user
#ifdef HAVE_SETRESUID
if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) != 0)
return _error->Errno("setresuid", "Failed to set new user ids");
#else
if (setuid(pw->pw_uid) != 0)
return _error->Errno("setuid", "Failed to setuid");
// the seteuid() is probably uneeded (at least thats what the linux
// man-page says about setuid(2)) but we cargo culted it anyway
if (seteuid(pw->pw_uid) != 0)
return _error->Errno("seteuid", "Failed to seteuid");
#endif
// Verify that the user has only a single group, and the correct one
gid_t groups[1];

4
buildlib/config.h.in

@ -28,9 +28,11 @@
/* If there is no socklen_t, define this for the netdb shim */
#undef NEED_SOCKLEN_T_DEFINE
/* We need the getresuid() function */
/* Check for getresuid() function and similar ones */
#undef HAVE_GETRESUID
#undef HAVE_GETRESGID
#undef HAVE_SETRESUID
#undef HAVE_SETRESGID
/* Define to the size of the filesize containing structures */
#undef _FILE_OFFSET_BITS

4
configure.ac

@ -174,9 +174,11 @@ AC_EGREP_HEADER(h_errno, netdb.h, [AC_MSG_RESULT(normal)],
dnl check for setuid checking function
AC_CHECK_FUNCS(getresuid getresgid)
AC_CHECK_FUNCS(getresuid getresgid setresuid setresgid)
AC_SUBST(HAVE_GETRESUID)
AC_SUBST(HAVE_GETRESGID)
AC_SUBST(HAVE_SETRESUID)
AC_SUBST(HAVE_SETRESGID)
dnl Check for doxygen
AC_PATH_PROG(DOXYGEN, doxygen)

Loading…
Cancel
Save