
DropPrivs: Move the re-set uid/gid thing to the end of the function

Git-Dch: ignore
debian/1.8.y
Julian Andres Klode 8 years ago
parent
commit
bdc00df54d
  1. 14
      apt-pkg/contrib/fileutl.cc

14
apt-pkg/contrib/fileutl.cc

@ -2213,13 +2213,6 @@ bool DropPrivs()
if (seteuid(pw->pw_uid) != 0)
return _error->Errno("seteuid", "Failed to seteuid");
// Check that uid and gid changes do not work anymore
if (pw->pw_gid != old_gid && (setgid(old_gid) != -1 || setegid(old_gid) != -1))
return _error->Error("Could restore a gid to root, privilege dropping did not work");
if (pw->pw_uid != old_uid && (setuid(old_uid) != -1 || seteuid(old_uid) != -1))
return _error->Error("Could restore a uid to root, privilege dropping did not work");
// Verify that the user has only a single group, and the correct one
gid_t groups[1];
if (getgroups(1, groups) != 1)
@ -2257,5 +2250,12 @@ bool DropPrivs()
return _error->Error("Could not switch saved set-group-ID");
#endif
// Check that uid and gid changes do not work anymore
if (pw->pw_gid != old_gid && (setgid(old_gid) != -1 || setegid(old_gid) != -1))
return _error->Error("Could restore a gid to root, privilege dropping did not work");
if (pw->pw_uid != old_uid && (setuid(old_uid) != -1 || seteuid(old_uid) != -1))
return _error->Error("Could restore a uid to root, privilege dropping did not work");
return true;
}
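Review bot: In the relocated probes at the end of DropPrivs(), a `setgid(old_gid)` or `setuid(old_uid)` call that unexpectedly succeeds has already restored the old id by the time the error is returned. A `false` return can therefore leave the process holding the very privileges it was meant to drop. That contract is worth stating above the block, for example `// Must stay last: probes run after real, effective and saved IDs are switched. If a probe succeeds the old id is active again, so callers must treat false as fatal.` The messages say "to root" although the comparison is against `old_uid`/`old_gid`, which, as far as these hunks show, are simply the ids the caller started with; "restore the previous uid" would be more accurate if that holds. The function begins outside the hunk, so whether the current ids are also read back (e.g. via `getuid()`/`geteuid()`) before this point cannot be confirmed from here.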
