Make sure we can't restore root after setuid

emersion 2019-01-16 22:33:14 +01:00
parent 762e3f32ef
commit 3bdf58a455
No known key found for this signature in database
GPG Key ID: 0FDE7BE0E88F5E48


@ -21,7 +21,7 @@ static void clear_buffer(void *buf, size_t bytes) {
}
}
void run_child(void) {
static void run_child(void) {
/* This code runs as root */
struct passwd *pwent = getpwuid(getuid());
if (!pwent) {
@ -46,6 +46,9 @@ void run_child(void) {
if (setuid(getuid()) != 0) {
exit(EXIT_FAILURE);
}
if (setuid(0) != -1) {
exit(EXIT_FAILURE);
}
/* This code does not run as root */
swaylock_log(LOG_DEBUG, "prepared to authorize user %s", pwent->pw_name);
@ -127,6 +130,11 @@ void initialize_pw_backend(void) {
swaylock_log_errno(LOG_ERROR, "Unable to drop root");
exit(EXIT_FAILURE);
}
if (setuid(0) != -1) {
swaylock_log_errno(LOG_ERROR, "Unable to drop root (we shouldn't be "
"able to restore it after setuid)");
return false;
}
}
bool attempt_password(struct swaylock_password *pw) {
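Review bot: In the initialize_pw_backend hunk, the new `setuid(0) != -1` branch ends in `return false;` instead of exiting, so if root can still be restored the process keeps running with that ability. The failed-drop branch just above it and the same check in run_child both use `exit(EXIT_FAILURE);`, and this branch should match them. The hunk header shows the function as `void initialize_pw_backend(void)`; if the signature is unchanged outside the visible lines, returning a value there is also invalid. Separately, `swaylock_log_errno` is called after a setuid call that succeeded, so the errno text it appends is probably stale; `swaylock_log(LOG_ERROR, ...)` would fit better. The run_child check exits without logging anything, and the same message there would make the failure diagnosable.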