From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Solar Designer <solar@openwall.com>
Date: Tue, 6 Feb 2024 22:05:45 +0100
Subject: [PATCH] grub-set-bootflag: Exit calmly when not running as root

Exit calmly when not installed SUID root and invoked by non-root.  This
allows installing user/grub-boot-success.service unconditionally while
supporting non-SUID installation of the program for some limited usage.

Signed-off-by: Solar Designer <solar@openwall.com>
---
 util/grub-set-bootflag.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/util/grub-set-bootflag.c b/util/grub-set-bootflag.c
index 514c4f9091ac..31a868aeca8a 100644
--- a/util/grub-set-bootflag.c
+++ b/util/grub-set-bootflag.c
@@ -98,6 +98,17 @@ int main(int argc, char *argv[])
   bootflag = bootflags[i];
   len = strlen (bootflag);
 
+  /*
+   * Exit calmly when not installed SUID root and invoked by non-root.  This
+   * allows installing user/grub-boot-success.service unconditionally while
+   * supporting non-SUID installation of the program for some limited usage.
+   */
+  if (geteuid())
+    {
+      printf ("grub-set-bootflag not running as root, no action taken\n");
+      return 0;
+    }
+
   /*
    * setegid avoids the new grubenv's gid being that of the user.
    */