| |
@@ -0,0 +1,63 @@
|
| |
+ From 5913893d6f3de65b16e1ad294b88893305efb20f Mon Sep 17 00:00:00 2001
|
| |
+ From: Ondrej Dubaj <odubaj@redhat.com>
|
| |
+ Date: Thu, 18 Feb 2021 09:59:31 +0100
|
| |
+ Subject: [PATCH] * lib/system.h (ERRNO_IS_EACCES): Remove. Not used anymore.
|
| |
+ (sys_reset_uid_gid): Re-initialize supplementary groups when switching
|
| |
+ privileges. Fix ordering of setgid and setuid calls.
|
| |
+
|
| |
+ ---
|
| |
+ lib/system.h | 32 +++++++++++++++++++++++++-------
|
| |
+ 1 file changed, 25 insertions(+), 7 deletions(-)
|
| |
+
|
| |
+ diff --git a/lib/system.h b/lib/system.h
|
| |
+ index 1c1a5d0..4fd3ce9 100644
|
| |
+ --- a/lib/system.h
|
| |
+ +++ b/lib/system.h
|
| |
+ @@ -470,19 +470,37 @@ char *getenv ();
|
| |
+ #if MSDOS
|
| |
+ # include <process.h>
|
| |
+ # define SET_BINARY_MODE(arc) setmode(arc, O_BINARY)
|
| |
+ -# define ERRNO_IS_EACCES errno == EACCES
|
| |
+ # define mkdir(file, mode) (mkdir) (file)
|
| |
+ # define TTY_NAME "con"
|
| |
+ # define sys_reset_uid_gid()
|
| |
+ #else
|
| |
+ # define SET_BINARY_MODE(arc)
|
| |
+ -# define ERRNO_IS_EACCES 0
|
| |
+ # define TTY_NAME "/dev/tty"
|
| |
+ -# define sys_reset_uid_gid() \
|
| |
+ - do { \
|
| |
+ - if (! (setuid (getuid ()) == 0 && setgid (getgid ()) == 0)) \
|
| |
+ - abort (); \
|
| |
+ - } while (0)
|
| |
+ +# include <paxlib.h>
|
| |
+ +static inline void
|
| |
+ +sys_reset_uid_gid (void)
|
| |
+ +{
|
| |
+ + struct passwd *pw;
|
| |
+ + uid_t uid = getuid ();
|
| |
+ + gid_t gid = getgid ();
|
| |
+ +
|
| |
+ + if ((pw = getpwuid (uid)) == NULL)
|
| |
+ + {
|
| |
+ + FATAL_ERROR ((0, errno, "%s(%lu)", "getpwuid", (unsigned long)uid));
|
| |
+ + }
|
| |
+ + if (initgroups (pw->pw_name, getgid ()))
|
| |
+ + {
|
| |
+ + FATAL_ERROR ((0, errno, "%s", "initgroups"));
|
| |
+ + }
|
| |
+ + if (gid != getegid () && setgid (gid) && errno != EPERM)
|
| |
+ + {
|
| |
+ + FATAL_ERROR ((0, errno, "%s", "setgid"));
|
| |
+ + }
|
| |
+ + if (uid != geteuid () && setuid (uid) && errno != EPERM)
|
| |
+ + {
|
| |
+ + FATAL_ERROR ((0, errno, "%s", "setuid"));
|
| |
+ + }
|
| |
+ +}
|
| |
+ #endif
|
| |
+
|
| |
+ #if XENIX
|
| |
+ --
|
| |
+ 2.26.0
|
| |
+
|
| |