diff options
| -rw-r--r-- | polyp/caps.c | 9 | ||||
| -rw-r--r-- | polyp/main.c | 9 |
2 files changed, 17 insertions, 1 deletions
diff --git a/polyp/caps.c b/polyp/caps.c index 739e7071..4ecb5848 100644 --- a/polyp/caps.c +++ b/polyp/caps.c @@ -35,6 +35,8 @@ #include "log.h" #include "caps.h" +#ifdef HAVE_GETUID + /* Drop root rights when called SUID root */ void pa_drop_root(void) { uid_t uid = getuid(); @@ -54,6 +56,13 @@ void pa_drop_root(void) { #endif } +#else + +void pa_drop_root(void) { +} + +#endif + #ifdef HAVE_SYS_CAPABILITY_H /* Limit capabilities set to CAPSYS_NICE */ diff --git a/polyp/main.c b/polyp/main.c index a56d2f1e..12b6b837 100644 --- a/polyp/main.c +++ b/polyp/main.c @@ -117,18 +117,25 @@ int main(int argc, char *argv[]) { char *s; int r, retval = 1, d = 0; int daemon_pipe[2] = { -1, -1 }; - gid_t gid = (gid_t) -1; int suid_root; int valid_pid_file = 0; +#ifdef HAVE_GETUID + gid_t gid = (gid_t) -1; +#endif + pa_limit_caps(); +#ifdef HAVE_GETUID suid_root = getuid() != 0 && geteuid() == 0; if (suid_root && (pa_uid_in_group("realtime", &gid) <= 0 || gid >= 1000)) { pa_log_warn(__FILE__": WARNING: called SUID root, but not in group 'realtime'.\n"); pa_drop_root(); } +#else + suid_root = 0; +#endif LTDL_SET_PRELOADED_SYMBOLS(); |