summaryrefslogtreecommitdiff
path: root/apt-pkg
diff options
context:
space:
mode:
authorJulian Andres Klode <jak@debian.org>2014-09-24 20:57:30 +0200
committerJulian Andres Klode <jak@debian.org>2014-09-24 20:57:30 +0200
commit550ab420d398f303ff8cbc51e1f4dab79f8cbdf2 (patch)
tree979e98c951b52c9b8a2bc148d874d36358f6f921 /apt-pkg
parent3b084f06b65ea073176b26fd9e472dc0f76b44b0 (diff)
DropPrivs: Also check for saved set-user-ID and set-group-ID
Diffstat (limited to 'apt-pkg')
-rw-r--r--apt-pkg/contrib/fileutl.cc20
1 files changed, 20 insertions, 0 deletions
diff --git a/apt-pkg/contrib/fileutl.cc b/apt-pkg/contrib/fileutl.cc
index 98544b60c..05c2f2e00 100644
--- a/apt-pkg/contrib/fileutl.cc
+++ b/apt-pkg/contrib/fileutl.cc
@@ -2237,6 +2237,26 @@ bool DropPrivs()
if (geteuid() != pw->pw_uid)
return _error->Error("Could not switch effective user");
+#ifdef HAVE_GETRESUID
+ uid_t ruid = 0;
+ uid_t euid = 0;
+ uid_t suid = 0;
+ if (getresuid(&ruid, &euid, &suid))
+ return _error->Errno("getresuid", "Could not get saved set-user-ID");
+ if (suid != pw->pw_uid)
+ return _error->Error("Could not switch saved set-user-ID");
+#endif
+
+#ifdef HAVE_GETRESGID
+ gid_t rgid = 0;
+ gid_t egid = 0;
+ gid_t sgid = 0;
+ if (getresgid(&rgid, &egid, &sgid))
+ return _error->Errno("getresuid", "Could not get saved set-group-ID");
+ if (sgid != pw->pw_gid)
+ return _error->Error("Could not switch saved set-group-ID");
+#endif
+
/* TODO: Check saved uid/saved gid as well */
return true;
}