From 550ab420d398f303ff8cbc51e1f4dab79f8cbdf2 Mon Sep 17 00:00:00 2001
From: Julian Andres Klode
Date: Wed, 24 Sep 2014 20:57:30 +0200
Subject: DropPrivs: Also check for saved set-user-ID and set-group-ID
---
 apt-pkg/contrib/fileutl.cc | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
(limited to 'apt-pkg')
diff --git a/apt-pkg/contrib/fileutl.cc b/apt-pkg/contrib/fileutl.cc
index 98544b60c..05c2f2e00 100644
--- a/apt-pkg/contrib/fileutl.cc
+++ b/apt-pkg/contrib/fileutl.cc
@@ -2237,6 +2237,26 @@ bool DropPrivs()
 if (geteuid() != pw->pw_uid)
 return _error->Error("Could not switch effective user");
 
+#ifdef HAVE_GETRESUID
+ uid_t ruid = 0;
+ uid_t euid = 0;
+ uid_t suid = 0;
+ if (getresuid(&ruid, &euid, &suid))
+ return _error->Errno("getresuid", "Could not get saved set-user-ID");
+ if (suid != pw->pw_uid)
+ return _error->Error("Could not switch saved set-user-ID");
+#endif
+
+#ifdef HAVE_GETRESGID
+ gid_t rgid = 0;
+ gid_t egid = 0;
+ gid_t sgid = 0;
+ if (getresgid(&rgid, &egid, &sgid))
+ return _error->Errno("getresuid", "Could not get saved set-group-ID");
+ if (sgid != pw->pw_gid)
+ return _error->Error("Could not switch saved set-group-ID");
+#endif
+
 /* TODO: Check saved uid/saved gid as well */
 return true;
 }
-- 
cgit v1.2.3
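Review bot: The getresgid() failure branch in the HAVE_GETRESGID block reports the failing call as "getresuid", so a failed group query during privilege drop would be logged under the wrong syscall name; it should read `return _error->Errno("getresgid", "Could not get saved set-group-ID");`. The trailing `/* TODO: Check saved uid/saved gid as well */` is left in place although the new blocks now perform that check when both macros are defined; what remains open is that builds without HAVE_GETRESUID/HAVE_GETRESGID do not verify the saved IDs at all, and a saved set-user-ID still equal to root would let the process switch back. I would reword it to `/* TODO: verify saved uid/gid on platforms without getresuid/getresgid */`. DropPrivs() starts above the hunk, so whether the real IDs (ruid/rgid, fetched here but never compared) are checked earlier is not visible from here.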