fb633eaa14
remaining patches into distinct patchfiles. Thanks to Dmitry V. Levin for identifying them! Drop ia64 specific patches and specfile fragments
58 lines
1.6 KiB
Diff
58 lines
1.6 KiB
Diff
From ee3d4021aaaeacff7cf2addcdaa48859fffba2aa Mon Sep 17 00:00:00 2001
|
|
From: Andreas Schwab <schwab@redhat.com>
|
|
Date: Thu, 3 Feb 2011 15:45:02 +0100
|
|
Subject: [PATCH] Replace setuid by file capabilities
|
|
|
|
* login/programs/pt_chown.c (main): Check for valid file
|
|
descriptor instead of privileges. Be careful to drop all
|
|
capabilities when not needed.
|
|
|
|
---
|
|
ChangeLog | 6 ++++++
|
|
login/programs/pt_chown.c | 14 +++++++++-----
|
|
3 files changed, 16 insertions(+), 6 deletions(-)
|
|
|
|
--- a/login/programs/pt_chown.c
|
|
+++ b/login/programs/pt_chown.c
|
|
@@ -28,6 +28,7 @@
|
|
#include <string.h>
|
|
#include <sys/stat.h>
|
|
#include <unistd.h>
|
|
+#include <fcntl.h>
|
|
#ifdef HAVE_LIBCAP
|
|
# include <sys/capability.h>
|
|
# include <sys/prctl.h>
|
|
@@ -142,7 +143,7 @@ main (int argc, char *argv[])
|
|
uid_t uid = getuid ();
|
|
int remaining;
|
|
|
|
- if (argc == 1 && euid == 0)
|
|
+ if (argc == 1 && fcntl (PTY_FILENO, F_GETFD) == 0)
|
|
{
|
|
#ifdef HAVE_LIBCAP
|
|
/* Drop privileges. */
|
|
@@ -175,6 +176,13 @@ main (int argc, char *argv[])
|
|
|
|
/* We aren't going to be using privileges, so drop them right now. */
|
|
setuid (uid);
|
|
+#ifdef HAVE_LIBCAP
|
|
+ cap_t caps = cap_init ();
|
|
+ if (caps == NULL)
|
|
+ error (1, errno, "cap_init");
|
|
+ cap_set_proc (caps);
|
|
+ cap_free (caps);
|
|
+#endif
|
|
|
|
/* Set locale via LC_ALL. */
|
|
setlocale (LC_ALL, "");
|
|
@@ -194,9 +202,5 @@ main (int argc, char *argv[])
|
|
return EXIT_FAILURE;
|
|
}
|
|
|
|
- /* Check if we are properly installed. */
|
|
- if (euid != 0)
|
|
- error (FAIL_EXEC, 0, gettext ("needs to be installed setuid `root'"));
|
|
-
|
|
return EXIT_SUCCESS;
|
|
}
|