author | Hisham Muhammad <hisham@gobolinux.org> | 2016-01-06 18:19:28 -0200 |
---|---|---|
committer | Hisham Muhammad <hisham@gobolinux.org> | 2016-01-06 18:19:28 -0200 |
commit | fc4c9757b01676e7cc16a50f04a3be25c00abbf0 (patch) | |
tree | 6a1e8a21adcdacf9579ad6bf41b99feee24550b2 | |
parent | 82db9979b1eb5f24f8778f987655e008cfd96178 (diff) | |
parent | 84783bd6f0b9da40d3ce92d0a81e56d276d24eca (diff) |
Merge pull request #315 from mklein-de/suid
add some security checks when running SUID root
-rw-r--r-- | Process.c | 6 | ||||
-rw-r--r-- | Settings.c | 14 | ||||
-rw-r--r-- | TraceScreen.c | 1 |
3 files changed, 20 insertions, 1 deletions
@@ -513,8 +513,11 @@ void Process_toggleTag(Process* this) {
 }
 bool Process_setPriority(Process* this, int priority) {
+ uid_t euid = geteuid();
+ seteuid(getuid());
 int old_prio = getpriority(PRIO_PROCESS, this->pid);
 int err = setpriority(PRIO_PROCESS, this->pid, priority);
+ seteuid(euid);
 if (err == 0 && old_prio != getpriority(PRIO_PROCESS, this->pid)) {
 this->nice = priority;
 }
@@ -526,7 +529,10 @@ bool Process_changePriorityBy(Process* this, size_t delta) {
 }
 void Process_sendSignal(Process* this, size_t sgn) {
+ uid_t euid = geteuid();
+ seteuid(getuid());
 kill(this->pid, (int) sgn);
+ seteuid(euid);
 }
 long Process_pidCompare(const void* v1, const void* v2) {
@@ -154,7 +154,12 @@ static void readFields(ProcessField* fields, int* flags, const char* line) {
 }
 static bool Settings_read(Settings* this, const char* fileName) {
- FILE* fd = fopen(fileName, "r");
+ FILE* fd;
+ uid_t euid = geteuid();
+
+ seteuid(getuid());
+ fd = fopen(fileName, "r");
+ seteuid(euid);
 if (!fd) return false;
@@ -260,7 +265,11 @@ static void writeMeterModes(Settings* this, FILE* fd, int column) {
 bool Settings_write(Settings* this) {
 FILE* fd;
+ uid_t euid = geteuid();
+
+ seteuid(getuid());
 fd = fopen(this->filename, "w");
+ seteuid(euid);
 if (fd == NULL) {
 return false;
 }
@@ -345,6 +354,8 @@ Settings* Settings_new(int cpuCount) {
 htopDir = String_cat(home, "/.config/htop");
 }
 legacyDotfile = String_cat(home, "/.htoprc");
+ uid_t euid = geteuid();
+ seteuid(getuid());
 (void) mkdir(configDir, 0700);
 (void) mkdir(htopDir, 0700);
 free(htopDir);
@@ -357,6 +368,7 @@ Settings* Settings_new(int cpuCount) {
 free(legacyDotfile);
 legacyDotfile = NULL;
 }
+ seteuid(euid);
 }
 this->colorScheme = 0;
 this->changed = false;
diff --git a/TraceScreen.c b/TraceScreen.c
index ecd0c0ab..3a62eb63 100644
--- a/TraceScreen.c
+++ b/TraceScreen.c
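Review bot: The result of `seteuid(getuid())` in Process_setPriority is ignored, so if the drop fails the following `setpriority()` still runs with the set-user-ID effective UID, which is exactly the case this change is meant to exclude. Check the call and bail out, e.g. `if (seteuid(getuid()) != 0) return false;`, and treat a failed `seteuid(euid)` restore as an error too instead of continuing silently. The same unchecked drop/restore pair appears in Process_sendSignal, Settings_read, Settings_write and Settings_new further down this diff. The end of Process_setPriority lies outside the hunk.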
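Review bot: The privilege drop in Settings_new is opened in one hunk and closed in the next with nothing saying what the bracket protects, so a later early exit or `return` added between the two calls would silently skip `seteuid(euid)`. A comment at the drop would make the pairing explicit, for example `/* filesystem work under the user's home runs with the real UID; restored at the end of this block */`. The statements between the two hunks are not visible here, so confirm none of them leaves the block before the restore.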
@@ -86,6 +86,7 @@ void TraceScreen_run(TraceScreen* this) {
 int child = fork();
 if (child == -1) return;
 if (child == 0) {
+ seteuid(getuid());
 dup2(fdpair[1], STDERR_FILENO);
 int ok = fcntl(fdpair[1], F_SETFL, O_NONBLOCK);
 if (ok != -1) { |
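Review bot: The child branch of TraceScreen_run calls `seteuid(getuid())` without checking the result, so a failed drop leaves everything that follows in the child running with the set-user-ID effective UID. Even when it succeeds, only the effective UID changes and the saved set-user-ID is kept, so the drop is reversible within the child. Because the child never returns to the parent's code path, a permanent and checked drop fits better here: `if (setuid(getuid()) != 0) _exit(1);` before the `dup2()`, which clears the saved ID as well when the effective UID is root, as the commit message assumes. The rest of the child branch lies outside the hunk, so confirm nothing there still needs the elevated UID.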