Inherit group as well as user

2023-10-01 04:18:24 +02:00 · 2023-10-01 04:18:24 +02:00 · 123d69bd86
parent c5d384dcd3
commit 123d69bd86
2 changed files with 36 additions and 5 deletions
--- a/1
+++ b/1
@ -7,3 +7,4 @@ cp "$SCRIPT_DIR/$DISTRO" "$INSTALL_DIR"
 chown root "$INSTALL_DIR/$DISTRO"
 chmod 755 "$INSTALL_DIR/$DISTRO"
 chmod u+s "$INSTALL_DIR/$DISTRO"
+chmod g+s "$INSTALL_DIR/$DISTRO"
--- a/src/main.c
+++ b/src/main.c
@ -33,10 +33,43 @@ char readline(char * buffer,int maxsize) {
 	}
 }

+int userUID; int userGID;
+int ownerUID; int ownerGID;
+// Inherit the privileges of the file owner, if setuid/setgid sticky bits are set.
+void eowner(char sw) {
+	if (sw == -1) { // Give up priveleges entirely (cannot be re-acquired)
+		setgid(userGID);
+		setreuid(userUID,userUID);
+		return;
+	}
+	
+	if (sw == 0) { // Uninherit priveleges (root privileges can still be acquired by this process and sub-processes, they're just not in effect)
+		setgid(userGID);
+		setreuid(userUID,ownerUID);
+		return;
+	}
+	
+	if (sw == 1) { // Acquire priveleges
+		setgid(ownerGID);
+		setreuid(ownerUID,ownerUID);
+		return;
+	}
+	
+	// printf("Real UID:      %d\n", getuid());
+	// printf("Effective UID: %d\n", geteuid());
+	// printf("Real GID:      %d\n", getgid());
+}
+
 int main(int argc, char **argv) {
 	extern char **environ;
 	environ = NULL; // Clear environment to boost security
 	
+	userUID = getuid();
+	userGID = getgid();
+	ownerUID = geteuid();
+	ownerGID = getegid();
+	eowner(0);
+	
 	// Menu
 	char choice;
 	char valid;
@ -68,13 +101,10 @@ int main(int argc, char **argv) {
 	if (choice == 4) { cmd[0] = CMD_REBOOT; }
 	if (choice == 5) { cmd[0] = CMD_POWEROFF; }
 	
-	int uid = getuid(); // User who's calling the program
-	int euid = geteuid(); // User who owns the program
-	
 	// Run program
-	setuid(euid); // root
+	eowner(1);
 	int rtn = execv(cmd[0],cmd);
-	setuid(uid); // unroot
+	eowner(-1);
 	if (rtn == -1) {
 		return 254 - errno;
 	}