add some security checks when running SUID root

on Darwin, htop needs to run with root privileges to display information
about other users processes. This commit makes running htop SUID root a
bit more safe.

2 files changed, 12 insertions, 6 deletions

diff --git a/Process.c b/Process.c
index 4999bfcb..a1c2079c 100644
--- a/Process.c
+++ b/Process.c
@@ -513,12 +513,16 @@ void Process_toggleTag(Process* this) {
 }
 
 bool Process_setPriority(Process* this, int priority) {
-   int old_prio = getpriority(PRIO_PROCESS, this->pid);
-   int err = setpriority(PRIO_PROCESS, this->pid, priority);
-   if (err == 0 && old_prio != getpriority(PRIO_PROCESS, this->pid)) {
-      this->nice = priority;
+   if ( Process_getuid == 0 || Process_getuid == (int) this->st_uid ) {
+      int old_prio = getpriority(PRIO_PROCESS, this->pid);
+      int err = setpriority(PRIO_PROCESS, this->pid, priority);
+      if (err == 0 && old_prio != getpriority(PRIO_PROCESS, this->pid)) {
+         this->nice = priority;
+      }
+      return (err == 0);
    }
-   return (err == 0);
+   else
+      return false;
 }
 
 bool Process_changePriorityBy(Process* this, size_t delta) {
@@ -526,7 +530,8 @@ bool Process_changePriorityBy(Process* this, size_t delta) {
 }
 
 void Process_sendSignal(Process* this, size_t sgn) {
-   kill(this->pid, (int) sgn);
+   if ( Process_getuid == 0 || Process_getuid == (int) this->st_uid )
+      kill(this->pid, (int) sgn);
 }
 
 long Process_pidCompare(const void* v1, const void* v2) {
diff --git a/TraceScreen.c b/TraceScreen.c
index ecd0c0ab..3a62eb63 100644
--- a/TraceScreen.c
+++ b/TraceScreen.c
@@ -86,6 +86,7 @@ void TraceScreen_run(TraceScreen* this) {
    int child = fork();
    if (child == -1) return;
    if (child == 0) {
+      seteuid(getuid());
       dup2(fdpair[1], STDERR_FILENO);
       int ok = fcntl(fdpair[1], F_SETFL, O_NONBLOCK);
       if (ok != -1) {