diff options
author | Hisham Muhammad <hisham@gobolinux.org> | 2017-07-26 15:40:55 -0300 |
---|---|---|
committer | Hisham Muhammad <hisham@gobolinux.org> | 2017-07-26 15:40:55 -0300 |
commit | 543d65c6ab767a53844c28d9e887440dec90da1c (patch) | |
tree | 8f3dd30712aca174dd621f21e35e07a99164db70 /CRT.h | |
parent | f205f7004c2530a499175ad240e0d83e484a0961 (diff) |
Security review: make privilege dropping-restoring optional.
This is/was necessary only on macOS, because you needed root in order
to read the process list. This was never necessary on Linux, and
it also raises security concerns, so now it needs to be enabled
explicitly at build time.
Diffstat (limited to 'CRT.h')
-rw-r--r-- | CRT.h | 22 |
1 files changed, 22 insertions, 0 deletions
@@ -9,6 +9,9 @@ Released under the GNU GPL, see the COPYING file in the source distribution for its full text. */ +#if HAVE_SETUID_ENABLED +#endif + #define ColorIndex(i,j) ((7-i)*8+j) #define ColorPair(i,j) COLOR_PAIR(ColorIndex(i,j)) @@ -154,6 +157,25 @@ extern int CRT_colorScheme; void *backtraceArray[128]; +#if HAVE_SETUID_ENABLED + +#define DIE(msg) do { CRT_done(); fprintf(stderr, msg); exit(1); } while(0) + +void CRT_dropPrivileges(); + +void CRT_restorePrivileges(); + +#else + +/* Turn setuid operations into NOPs */ + +#ifndef CRT_dropPrivileges +#define CRT_dropPrivileges() +#define CRT_restorePrivileges() +#endif + +#endif + // TODO: pass an instance of Settings instead. void CRT_init(int delay, int colorScheme); |