Cage: drop gid before uid

If setuid is called first then the target user may not have the ability to
setgid.
travankor 2020-04-13 14:05:19 -07:00
parent 5d7ff9e64d
commit 2e904e96d1

5
cage.c

@ -146,13 +146,14 @@ static bool
drop_permissions(void)
{
if (getuid() != geteuid() || getgid() != getegid()) {
if (setuid(getuid()) != 0 || setgid(getgid()) != 0) {
// Set the gid and uid in the correct order.
if (setgid(getgid()) != 0 || setuid(getuid()) != 0) {
wlr_log(WLR_ERROR, "Unable to drop root, refusing to start");
return false;
}
}
if (setuid(0) != -1) {
if (setgid(0) != -1 || setuid(0) != -1) {
wlr_log(WLR_ERROR,
"Unable to drop root (we shouldn't be able to restore it after setuid), refusing to start");
return false;
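Review bot: The added `setgid(0) != -1` probe in the second check will also succeed for an unprivileged caller whose real gid is already 0, because setting the gid to its current value needs no privilege; as far as the visible lines show, such an account would now be refused with the "Unable to drop root" message even though the drop itself worked. If that refusal is not intended, the probe could be limited to `if ((getgid() != 0 && setgid(0) != -1) || setuid(0) != -1) {`; if it is intended, the log text should say that gid 0 is rejected. Separately, the new comment says the order is correct without saying why; `// Drop the gid first: once setuid() has given up root, setgid() may no longer be permitted.` would carry the reasoning from the commit message into the code. drop_permissions continues past the last line shown here.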