$ cat 0001-Enable-the-SUID-and-SGID-bits-for-the-light-binary.patch 
From 9c2a852c94bb93894dec48ac116e520d620a99ab Mon Sep 17 00:00:00 2001
From: Hanno Heinrichs <hanno.heinrichs@rwth-aachen.de>
Date: Sat, 18 Jan 2020 14:23:04 +0100
Subject: [PATCH 1/2] Enable the SUID and SGID bits for the light binary

---
 src/Makefile.am | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Makefile.am b/src/Makefile.am
index 5bdd0c1..83d9c9d 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -5,5 +5,5 @@ light_CFLAGS   = -W -Wall -Wextra -std=gnu99 -Wno-type-limits -Wno-format-trunca
 
 if CLASSIC
 install-exec-hook:
-	chmod 4755 $(DESTDIR)$(bindir)/light
+	chmod 6755 $(DESTDIR)$(bindir)/light
 endif
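Review bot: The `chmod 6755` line sets mode bits only and never fixes the owner or group of `$(DESTDIR)$(bindir)/light`, so the setgid bit added here confers whichever group owns the file at install time. In a staged, non-root install that is the build user's group, and the bits only mean what the subject line intends once packaging reassigns ownership to root:root. I would document that on the hook, for example `# setuid/setgid only take the intended effect once the file is owned root:root; packagers must set ownership`. It is also worth confirming the setgid bit is needed at all, since the second patch in this series already sets the effective GID at runtime when it is not 0.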
-- 
2.24.1


$ cat 0002-Ensure-EUID-and-EGID-are-equal-when-running-in-SUID-.patch 
From d00fabc002ffe86b30332a8ac63bd2ab43097d6d Mon Sep 17 00:00:00 2001
From: Hanno Heinrichs <hanno.heinrichs@rwth-aachen.de>
Date: Sat, 18 Jan 2020 14:27:16 +0100
Subject: [PATCH 2/2] Ensure EUID and EGID are equal when running in SUID mode

---
 src/light.c | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/src/light.c b/src/light.c
index 10c9cca..ac5377d 100644
--- a/src/light.c
+++ b/src/light.c
@@ -431,9 +431,25 @@ light_context_t* light_initialize(int argc, char **argv)
     new_ctx->run_params.value = 0;
     new_ctx->run_params.raw_mode = false;
 
+    uid_t uid = getuid();
+    uid_t euid = geteuid();
+    gid_t egid = getegid();
+    // If the real user ID is different from the effective user ID (SUID mode)
+    // and if we have the effective user ID of root (0)
+    // and if the effective group ID is different from root (0),
+    // then make sure to set the effective group ID to root (0).
+    if((uid != euid) && (euid == 0) && (egid != 0))
+    {
+        if(setegid(euid) < 0)
+        {
+            LIGHT_ERR("could not change egid from %u to %u (uid: %u, euid: %u)", egid, euid, uid, euid);
+            return false;
+        }
+    }
+
     // Setup the configuration folder
     // If we are root, use the system-wide configuration folder, otherwise try to find a user-specific folder, or fall back to ~/.config
-    if(geteuid() == 0)
+    if(euid == 0)
     {
         snprintf(new_ctx->sys_params.conf_dir, sizeof(new_ctx->sys_params.conf_dir), "%s", "/etc/light");
     }
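Review bot: The failure branch of the added `setegid()` check does `return false;` from `light_initialize`, which is declared to return `light_context_t*`; it should be `return NULL;`. Because `new_ctx` is already being filled in above, it probably needs releasing first, but the allocation and the function's other error paths are outside the hunk, so confirm. In the same block, `setegid(euid)` passes a uid where a gid is expected and is only correct because both are 0, so `setegid(0)` states the intent. `uid_t`/`gid_t` values are also passed to `%u` without a cast such as `(unsigned)egid`. This branch raises the effective GID to root rather than dropping privilege, so a short comment saying why root's group is required (presumably for files created under `/etc/light`) would help the next reviewer.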
-- 
2.24.1