diff options
author | John (J5) Palmieri <johnp@redhat.com> | 2008-01-14 15:07:48 -0500 |
---|---|---|
committer | John (J5) Palmieri <johnp@redhat.com> | 2008-01-14 15:07:48 -0500 |
commit | ede4e4514698612e226763ea8b6ae8ce13f2173d (patch) | |
tree | d0764decc001fd10699b1c50feac8735491aa094 | |
parent | 047ec880e9e228183237c661ec2e45a949785cb9 (diff) |
add _dbus_geteuid to fix EXTERNAL authentication in setuid applications
2008-01-14 John (J5) Palmieri <johnp@redhat.com>
* Patch by Andrea Luzzardi <scox at sig11 dot org>: creates a
_dbus_geteuid function to fix EXTERNAL authentication in setuid
applications
* dbus/dbus-sysdeps-unix.c (_dbus_geteuid): used to get the effective
uid of the running program
(_dbus_credentials_add_from_current_process): use geteuid instead of
getuid
(_dbus_append_user_from_current_process): use geteuid instead of
getuid
* dbus/dbus-sysdeps-util-unix.c (_dbus_change_to_daemon_user): use
geteuid instead of getuid
(_dbus_unix_user_is_at_console): use geteuid instead of getuid
* dbus/dbus-sysdeps-win.c (_dbus_geteuid): add a windows equivilant
that returns DBUS_UID_UNSET
-rw-r--r-- | ChangeLog | 20 | ||||
-rw-r--r-- | dbus/dbus-sysdeps-unix.c | 13 | ||||
-rw-r--r-- | dbus/dbus-sysdeps-unix.h | 1 | ||||
-rw-r--r-- | dbus/dbus-sysdeps-util-unix.c | 4 | ||||
-rw-r--r-- | dbus/dbus-sysdeps-win.c | 11 |
5 files changed, 44 insertions, 5 deletions
@@ -1,3 +1,23 @@ +2008-01-14 John (J5) Palmieri <johnp@redhat.com> + + * Patch by Andrea Luzzardi <scox at sig11 dot org>: creates a + _dbus_geteuid function to fix EXTERNAL authentication in setuid + applications + + * dbus/dbus-sysdeps-unix.c (_dbus_geteuid): used to get the effective + uid of the running program + (_dbus_credentials_add_from_current_process): use geteuid instead of + getuid + (_dbus_append_user_from_current_process): use geteuid instead of + getuid + + * dbus/dbus-sysdeps-util-unix.c (_dbus_change_to_daemon_user): use + geteuid instead of getuid + (_dbus_unix_user_is_at_console): use geteuid instead of getuid + + * dbus/dbus-sysdeps-win.c (_dbus_geteuid): add a windows equivilant + that returns DBUS_UID_UNSET + 2007-12-18 Havoc Pennington <hp@redhat.com> * dbus/dbus-connection.c (_dbus_connection_block_pending_call): diff --git a/dbus/dbus-sysdeps-unix.c b/dbus/dbus-sysdeps-unix.c index 2ce7427b..c4866bbb 100644 --- a/dbus/dbus-sysdeps-unix.c +++ b/dbus/dbus-sysdeps-unix.c @@ -1643,7 +1643,7 @@ _dbus_credentials_add_from_current_process (DBusCredentials *credentials) if (!_dbus_credentials_add_unix_pid(credentials, _dbus_getpid())) return FALSE; - if (!_dbus_credentials_add_unix_uid(credentials, _dbus_getuid())) + if (!_dbus_credentials_add_unix_uid(credentials, _dbus_geteuid())) return FALSE; return TRUE; @@ -1664,7 +1664,7 @@ dbus_bool_t _dbus_append_user_from_current_process (DBusString *str) { return _dbus_string_append_uint (str, - _dbus_getuid ()); + _dbus_geteuid ()); } /** @@ -1686,6 +1686,15 @@ _dbus_getuid (void) return getuid (); } +/** Gets our effective UID + * @returns process effective UID + */ +dbus_uid_t +_dbus_geteuid (void) +{ + return geteuid (); +} + /** * The only reason this is separate from _dbus_getpid() is to allow it * on Windows for logging but not for other purposes. diff --git a/dbus/dbus-sysdeps-unix.h b/dbus/dbus-sysdeps-unix.h index 9123185b..0005cd87 100644 --- a/dbus/dbus-sysdeps-unix.h +++ b/dbus/dbus-sysdeps-unix.h @@ -121,6 +121,7 @@ dbus_bool_t _dbus_group_info_fill_gid (DBusGroupInfo *info, void _dbus_group_info_free (DBusGroupInfo *info); dbus_uid_t _dbus_getuid (void); +dbus_uid_t _dbus_geteuid (void); dbus_gid_t _dbus_getgid (void); dbus_bool_t _dbus_parse_uid (const DBusString *uid_str, diff --git a/dbus/dbus-sysdeps-util-unix.c b/dbus/dbus-sysdeps-util-unix.c index 49965d9a..9ff3fbc1 100644 --- a/dbus/dbus-sysdeps-util-unix.c +++ b/dbus/dbus-sysdeps-util-unix.c @@ -332,7 +332,7 @@ _dbus_change_to_daemon_user (const char *user, } #ifdef HAVE_LIBAUDIT - we_were_root = _dbus_getuid () == 0; + we_were_root = _dbus_geteuid () == 0; new_caps = NULL; /* have a tmp set of caps that we use to transition to the usr/grp dbus should * run as ... doesn't really help. But keeps people happy. @@ -990,7 +990,7 @@ _dbus_unix_user_is_at_console (dbus_uid_t uid, dbus_bool_t _dbus_unix_user_is_process_owner (dbus_uid_t uid) { - return uid == _dbus_getuid (); + return uid == _dbus_geteuid (); } /** diff --git a/dbus/dbus-sysdeps-win.c b/dbus/dbus-sysdeps-win.c index 3c6c31be..a67e502a 100644 --- a/dbus/dbus-sysdeps-win.c +++ b/dbus/dbus-sysdeps-win.c @@ -834,7 +834,16 @@ out1: * @returns process UID */ dbus_uid_t -_dbus_getuid(void) +_dbus_getuid (void) +{ + return DBUS_UID_UNSET; +} + +/** Gets our effective UID + * @returns process effective UID + */ +dbus_uid_t +_dbus_geteuid (void) { return DBUS_UID_UNSET; } |