Inherit group as well as user
parent
c5d384dcd3
commit
123d69bd86
1
install
1
install
|
@ -7,3 +7,4 @@ cp "$SCRIPT_DIR/$DISTRO" "$INSTALL_DIR"
|
|||
chown root "$INSTALL_DIR/$DISTRO"
|
||||
chmod 755 "$INSTALL_DIR/$DISTRO"
|
||||
chmod u+s "$INSTALL_DIR/$DISTRO"
|
||||
chmod g+s "$INSTALL_DIR/$DISTRO"
|
||||
|
|
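Review bot: `chmod g+s "$INSTALL_DIR/$DISTRO"` makes the program run with the file's group, but the only ownership change in this script is `chown root`, which sets the user and leaves the group as whatever `cp` produced (or unchanged if the target already existed). Setting the group explicitly before the mode bits, for example `chown root:root "$INSTALL_DIR/$DISTRO"`, would make the inherited group deterministic instead of dependent on who ran the installer. The `+`/`-` markers are lost on this page, so this assumes the `g+s` line is the one the commit adds.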
40
src/main.c
40
src/main.c
|
@ -33,10 +33,43 @@ char readline(char * buffer,int maxsize) {
|
|||
}
|
||||
}
|
||||
|
||||
int userUID; int userGID;
|
||||
int ownerUID; int ownerGID;
|
||||
// Inherit the privileges of the file owner, if setuid/setgid sticky bits are set.
|
||||
void eowner(char sw) {
|
||||
if (sw == -1) { // Give up priveleges entirely (cannot be re-acquired)
|
||||
setgid(userGID);
|
||||
setreuid(userUID,userUID);
|
||||
return;
|
||||
}
|
||||
|
||||
if (sw == 0) { // Uninherit priveleges (root privileges can still be acquired by this process and sub-processes, they're just not in effect)
|
||||
setgid(userGID);
|
||||
setreuid(userUID,ownerUID);
|
||||
return;
|
||||
}
|
||||
|
||||
if (sw == 1) { // Acquire priveleges
|
||||
setgid(ownerGID);
|
||||
setreuid(ownerUID,ownerUID);
|
||||
return;
|
||||
}
|
||||
|
||||
// printf("Real UID: %d\n", getuid());
|
||||
// printf("Effective UID: %d\n", geteuid());
|
||||
// printf("Real GID: %d\n", getgid());
|
||||
}
|
||||
|
||||
int main(int argc, char **argv) {
|
||||
extern char **environ;
|
||||
environ = NULL; // Clear environment to boost security
|
||||
|
||||
userUID = getuid();
|
||||
userGID = getgid();
|
||||
ownerUID = geteuid();
|
||||
ownerGID = getegid();
|
||||
eowner(0);
|
||||
|
||||
// Menu
|
||||
char choice;
|
||||
char valid;
|
||||
|
@ -68,13 +101,10 @@ int main(int argc, char **argv) {
|
|||
if (choice == 4) { cmd[0] = CMD_REBOOT; }
|
||||
if (choice == 5) { cmd[0] = CMD_POWEROFF; }
|
||||
|
||||
int uid = getuid(); // User who's calling the program
|
||||
int euid = geteuid(); // User who owns the program
|
||||
|
||||
// Run program
|
||||
setuid(euid); // root
|
||||
eowner(1);
|
||||
int rtn = execv(cmd[0],cmd);
|
||||
setuid(uid); // unroot
|
||||
eowner(-1);
|
||||
if (rtn == -1) {
|
||||
return 254 - errno;
|
||||
}
|
||||
|
|
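Review bot: In the `sw == 0` branch of `eowner`, `setreuid(userUID,ownerUID)` sets the real UID to the caller and the effective UID to the owner, which is the state the process already starts in, so the owner's privileges remain in effect for the whole menu despite the comment saying they are not. Switching only the effective IDs, e.g. `if (setegid(userGID) != 0 || seteuid(userUID) != 0) exit(1);`, would put the caller's IDs in effect while keeping the saved IDs that `eowner(1)` needs. In the same branch `setgid(userGID)` is called while the effective UID is still the owner; if the owner is root, this replaces the real and saved GID as well, which does not match the "can still be acquired" intent. None of the `setgid`/`setreuid` calls in `eowner` check their return value, so a failed drop in the `sw == -1` path after `execv` fails would go unnoticed; each call should be checked and a failure treated as fatal. The body of `main` continues outside the hunks shown.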