process_prefix_flag: Drop privileges
Using --prefix in a setuid binary is quite dangerous. An unprivileged user could prepare a custom shadow file in their home directory. By winning a race, the user could swap directories with links, which could lead to replacing the shadow file in the system's /etc directory. This could be used for local privilege escalation. Signed-off-by: Samanta Navarro <ferivoz@riseup.net>
This commit is contained in:
parent
1132b89236
commit
812f934e77
@ -85,6 +85,15 @@ extern const char* process_prefix_flag (const char* short_opt, int argc, char **
|
|||||||
|
|
||||||
|
|
||||||
if (prefix != NULL) {
|
if (prefix != NULL) {
|
||||||
|
/* Drop privileges */
|
||||||
|
if ( (setregid (getgid (), getgid ()) != 0)
|
||||||
|
|| (setreuid (getuid (), getuid ()) != 0)) {
|
||||||
|
fprintf (log_get_logfd(),
|
||||||
|
_("%s: failed to drop privileges (%s)\n"),
|
||||||
|
log_get_progname(), strerror (errno));
|
||||||
|
exit (EXIT_FAILURE);
|
||||||
|
}
|
||||||
|
|
||||||
if ( prefix[0] == '\0' || !strcmp(prefix, "/"))
|
if ( prefix[0] == '\0' || !strcmp(prefix, "/"))
|
||||||
return ""; /* if prefix is "/" then we ignore the flag option */
|
return ""; /* if prefix is "/" then we ignore the flag option */
|
||||||
/* should we prevent symbolic link from being used as a prefix? */
|
/* should we prevent symbolic link from being used as a prefix? */
|
||||||
|
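Review bot: `strerror (errno)` in the added fprintf call is evaluated in unspecified order relative to `log_get_logfd()` and `log_get_progname()`, so if either of those helpers touches errno the reason reported for the setregid/setreuid failure can be wrong; capture it first with `int err = errno;` immediately after the failing check and pass `strerror (err)`. The `setreuid (getuid (), getuid ())` form also relies on the platform resetting the saved set-user-ID, which Linux does when the real-ID argument is supplied but POSIX does not guarantee; where `setresuid`/`setresgid` are available, setting all three IDs explicitly is the unambiguous form, and a post-drop check that the effective IDs now equal the real ones would make a partial drop fail loudly instead of silently retaining privilege. process_prefix_flag's body begins and ends outside the hunk.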