From b14f89e9d42f314ce964a500df842364770b06ee Mon Sep 17 00:00:00 2001
From: Michael Klein <michael.klein@puffin.lb.shuttle.de>
Date: Wed, 6 Jan 2016 22:52:37 +0100
Subject: drop privileges before reading environment

---
 EnvScreen.c | 21 +++++++++------------
 1 file changed, 9 insertions(+), 12 deletions(-)

(limited to 'EnvScreen.c')

diff --git a/EnvScreen.c b/EnvScreen.c
index c989d26f..1881b1ff 100644
--- a/EnvScreen.c
+++ b/EnvScreen.c
@@ -60,23 +60,20 @@ static inline void addLine(const char* line, Vector* lines, Panel* panel, const
 static void EnvScreen_scan(EnvScreen* this, Vector* lines, IncSet* inc) {
    Panel* panel = this->display;
    int idx = MAX(Panel_getSelectedIndex(panel), 0);
-   uid_t uid = getuid();
 
    Panel_prune(panel);
 
-   if (uid == 0 || uid == this->process->st_uid) {
-      char *env = Platform_getProcessEnv(this->process->pid);
-      if (env) {
-         for (char *p = env; *p; p = strrchr(p, 0)+1)
-            addLine(p, lines, panel, IncSet_filter(inc));
-         free(env);
-      }
-      else {
-         addLine("Could not read process environment.", lines, panel, IncSet_filter(inc));
-      }
+   uid_t euid = geteuid();
+   seteuid(getuid());
+   char *env = Platform_getProcessEnv(this->process->pid);
+   seteuid(euid);
+   if (env) {
+      for (char *p = env; *p; p = strrchr(p, 0)+1)
+         addLine(p, lines, panel, IncSet_filter(inc));
+      free(env);
    }
    else {
-       addLine("Process belongs to different user.", lines, panel, IncSet_filter(inc));
+      addLine("Could not read process environment.", lines, panel, IncSet_filter(inc));
    }
 
    Vector_insertionSort(lines);
-- 
cgit v1.2.3