diff options
author | Julian Andres Klode <jak@debian.org> | 2014-09-24 20:57:30 +0200 |
---|---|---|
committer | Julian Andres Klode <jak@debian.org> | 2014-09-24 20:57:30 +0200 |
commit | 550ab420d398f303ff8cbc51e1f4dab79f8cbdf2 (patch) | |
tree | 979e98c951b52c9b8a2bc148d874d36358f6f921 /apt-pkg | |
parent | 3b084f06b65ea073176b26fd9e472dc0f76b44b0 (diff) |
DropPrivs: Also check for saved set-user-ID and set-group-ID
Diffstat (limited to 'apt-pkg')
-rw-r--r-- | apt-pkg/contrib/fileutl.cc | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/apt-pkg/contrib/fileutl.cc b/apt-pkg/contrib/fileutl.cc index 98544b60c..05c2f2e00 100644 --- a/apt-pkg/contrib/fileutl.cc +++ b/apt-pkg/contrib/fileutl.cc @@ -2237,6 +2237,26 @@ bool DropPrivs() if (geteuid() != pw->pw_uid) return _error->Error("Could not switch effective user"); +#ifdef HAVE_GETRESUID + uid_t ruid = 0; + uid_t euid = 0; + uid_t suid = 0; + if (getresuid(&ruid, &euid, &suid)) + return _error->Errno("getresuid", "Could not get saved set-user-ID"); + if (suid != pw->pw_uid) + return _error->Error("Could not switch saved set-user-ID"); +#endif + +#ifdef HAVE_GETRESGID + gid_t rgid = 0; + gid_t egid = 0; + gid_t sgid = 0; + if (getresgid(&rgid, &egid, &sgid)) + return _error->Errno("getresuid", "Could not get saved set-group-ID"); + if (sgid != pw->pw_gid) + return _error->Error("Could not switch saved set-group-ID"); +#endif + /* TODO: Check saved uid/saved gid as well */ return true; } |