summaryrefslogtreecommitdiff
path: root/uidswap.c
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2016-02-29 12:15:15 +0000
committerColin Watson <cjwatson@debian.org>2016-03-08 11:51:22 +0000
commit46961f5704f8e86cea3e99253faad55aef4d8f35 (patch)
tree0dd97fa4fb649a62b4639fe2674380872b1f3e98 /uidswap.c
parentc753fe267efb1b027424fa8706cf0385fc3d14c1 (diff)
parent85e40e87a75fb80a0bf893ac05a417d6c353537d (diff)
New upstream release (7.2).
Diffstat (limited to 'uidswap.c')
-rw-r--r--uidswap.c18
1 files changed, 12 insertions, 6 deletions
diff --git a/uidswap.c b/uidswap.c
index 0702e1d9e..8bf6b244e 100644
--- a/uidswap.c
+++ b/uidswap.c
@@ -134,7 +134,7 @@ temporarily_use_uid(struct passwd *pw)
134void 134void
135permanently_drop_suid(uid_t uid) 135permanently_drop_suid(uid_t uid)
136{ 136{
137#ifndef HAVE_CYGWIN 137#ifndef NO_UID_RESTORATION_TEST
138 uid_t old_uid = getuid(); 138 uid_t old_uid = getuid();
139#endif 139#endif
140 140
@@ -142,8 +142,14 @@ permanently_drop_suid(uid_t uid)
142 if (setresuid(uid, uid, uid) < 0) 142 if (setresuid(uid, uid, uid) < 0)
143 fatal("setresuid %u: %.100s", (u_int)uid, strerror(errno)); 143 fatal("setresuid %u: %.100s", (u_int)uid, strerror(errno));
144 144
145#ifndef HAVE_CYGWIN 145#ifndef NO_UID_RESTORATION_TEST
146 /* Try restoration of UID if changed (test clearing of saved uid) */ 146 /*
147 * Try restoration of UID if changed (test clearing of saved uid).
148 *
149 * Note that we don't do this on Cygwin, or on Solaris-based platforms
150 * where fine-grained privileges are available (the user might be
151 * deliberately allowed the right to setuid back to root).
152 */
147 if (old_uid != uid && 153 if (old_uid != uid &&
148 (setuid(old_uid) != -1 || seteuid(old_uid) != -1)) 154 (setuid(old_uid) != -1 || seteuid(old_uid) != -1))
149 fatal("%s: was able to restore old [e]uid", __func__); 155 fatal("%s: was able to restore old [e]uid", __func__);
@@ -199,7 +205,7 @@ restore_uid(void)
199void 205void
200permanently_set_uid(struct passwd *pw) 206permanently_set_uid(struct passwd *pw)
201{ 207{
202#ifndef HAVE_CYGWIN 208#ifndef NO_UID_RESTORATION_TEST
203 uid_t old_uid = getuid(); 209 uid_t old_uid = getuid();
204 gid_t old_gid = getgid(); 210 gid_t old_gid = getgid();
205#endif 211#endif
@@ -227,7 +233,7 @@ permanently_set_uid(struct passwd *pw)
227 if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) < 0) 233 if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) < 0)
228 fatal("setresuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno)); 234 fatal("setresuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno));
229 235
230#ifndef HAVE_CYGWIN 236#ifndef NO_UID_RESTORATION_TEST
231 /* Try restoration of GID if changed (test clearing of saved gid) */ 237 /* Try restoration of GID if changed (test clearing of saved gid) */
232 if (old_gid != pw->pw_gid && pw->pw_uid != 0 && 238 if (old_gid != pw->pw_gid && pw->pw_uid != 0 &&
233 (setgid(old_gid) != -1 || setegid(old_gid) != -1)) 239 (setgid(old_gid) != -1 || setegid(old_gid) != -1))
@@ -241,7 +247,7 @@ permanently_set_uid(struct passwd *pw)
241 (u_int)pw->pw_gid); 247 (u_int)pw->pw_gid);
242 } 248 }
243 249
244#ifndef HAVE_CYGWIN 250#ifndef NO_UID_RESTORATION_TEST
245 /* Try restoration of UID if changed (test clearing of saved uid) */ 251 /* Try restoration of UID if changed (test clearing of saved uid) */
246 if (old_uid != pw->pw_uid && 252 if (old_uid != pw->pw_uid &&
247 (setuid(old_uid) != -1 || seteuid(old_uid) != -1)) 253 (setuid(old_uid) != -1 || seteuid(old_uid) != -1))