Merge pull request #14 from swaywm/shadow-fortify-drop-root

Make sure we can't restore root after setuid
2019-01-16 19:05:41 -05:00 · 2019-01-16 19:05:41 -05:00 · 5303a5f300
commit 5303a5f300
parent b44d7a0e48 3bdf58a455
1 changed files with 9 additions and 1 deletions
--- a/shadow.c
+++ b/shadow.c
@ -21,7 +21,7 @@ static void clear_buffer(void *buf, size_t bytes) {
 	}
 }

-void run_child(void) {
+static void run_child(void) {
 	/* This code runs as root */
 	struct passwd *pwent = getpwuid(getuid());
 	if (!pwent) {
@ -46,6 +46,9 @@ void run_child(void) {
 	if (setuid(getuid()) != 0) {
 		exit(EXIT_FAILURE);
 	}
+	if (setuid(0) != -1) {
+		exit(EXIT_FAILURE);
+	}

 	/* This code does not run as root */
 	swaylock_log(LOG_DEBUG, "prepared to authorize user %s", pwent->pw_name);
@ -127,6 +130,11 @@ void initialize_pw_backend(void) {
 		swaylock_log_errno(LOG_ERROR, "Unable to drop root");
 		exit(EXIT_FAILURE);
 	}
+	if (setuid(0) != -1) {
+		swaylock_log_errno(LOG_ERROR, "Unable to drop root (we shouldn't be "
+			"able to restore it after setuid)");
+		return false;
+	}
 }

 bool attempt_password(struct swaylock_password *pw) {